A Facebook virus got into our computer and AVG was deleted; it cannot be reinstalled. How should I proceed?
Thank you for your reply.

PC disinfection, computer speed-up, remote help via the service neslape.cz
Facebook virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- chodnik74
- Friend of the forum
- Posts: 4975
- Registered: 13 Sep 2010 21:30
- Location: Napajedla
Re: Facebook virus
Hello
Next time post an RSIT log ( http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 )
Download the program RogueKiller


- Run the program
- Press key 2 and Enter
- A log will appear; paste it here
- Repeat the same with options 3 and 4 and paste the logs
Write to me: chodnik74@gmail.com or 
>RSIT<>MBAM<>VirusTotal
Read the procedure several times, and ask about anything that is unclear or that you have doubts about.
If your computer is infected or is not behaving as usual, back up all your data and follow the helper's instructions carefully! 
Do not use the Combofix utility without a helper's supervision and recommendation!
Satisfied with our help?
Don't hesitate to support the forum HERE.
Forum rules: no. 1 and no. 2
-
- Guest
- Posts: 3
- Registered: 30 Oct 2011 12:45
Re: Facebook virus
RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Uživatel [Admin rights]
Mode: Remove -- Date : 10/30/2011 12:56:01
Bad processes: 4
[SERVICE] srvbtcclient -- C:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\WINDOWS\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\WINDOWS\update.1\svchost.exe srv -> STOPPED
Registry Entries: 21
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-12-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\WINDOWS\update.tray-14-0\svchost.exe) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[SUSP PATH] iMeshNAG.job : C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\iMesh_setup.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
Particular Files / Folders:
Driver: [LOADED]
SSDT[241] : NtSetSystemPowerState @ 0x806700E7 -> HOOKED (Vax347b.sys @ 0xF744C4F0)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Vax347b.sys @ 0xF744CCA6)
SSDT[160] : NtQueryKey @ 0x8057EC02 -> HOOKED (Vax347b.sys @ 0xF744151E)
SSDT[119] : NtOpenKey @ 0x80572BDF -> HOOKED (Vax347b.sys @ 0xF744CBD4)
SSDT[73] : NtEnumerateValueKey @ 0x80590232 -> HOOKED (Vax347b.sys @ 0xF744CD50)
SSDT[71] : NtEnumerateKey @ 0x8057F002 -> HOOKED (Vax347b.sys @ 0xF74414FE)
SSDT[45] : NtCreatePagingFile @ 0x805CB7B5 -> HOOKED (Vax347b.sys @ 0xF7440C70)
SSDT[41] : NtCreateKey @ 0x80578AB4 -> HOOKED (Vax347b.sys @ 0xF744CC10)
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Vax347b.sys @ 0xF744CC58)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Uživatel [Admin rights]
Mode: HOSTSFix -- Date : 10/30/2011 12:57:18
Bad processes: 0
Driver: [LOADED]
HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Uživatel [Admin rights]
Mode: HOSTSFix -- Date : 10/30/2011 12:58:09
Bad processes: 0
Driver: [LOADED]
HOSTS File:
127.0.0.1 localhost
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
- chodnik74
- Friend of the forum
- Posts: 4975
- Registered: 13 Sep 2010 21:30
- Location: Napajedla
Re: Facebook virus
Great.. let's continue...
Do not use the program without a helper's recommendation, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be completely damaged!!
Download Combofix
- Save the program, preferably to the Desktop
- Disable all resident shields: antivirus, antispyware and firewall
- Close all running applications (ICQ, browser, programs) and leave only Combofix
- Run Combofix.exe with administrator rights
On Windows XP, log in under an administrator account
On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator") - Right after the program starts, the licence terms pop up; confirm with the YES button
- If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed for this)
- Follow the program's instructions; during the scan do not click on anything and do not work on the PC (ICQ, other applications, internet...). Leave the computer alone.
- The whole scan takes 5-15 min, but if there is a lot of malware on the PC the time may differ.
- After the scan finishes (and any restart of the computer), the Combofix log is displayed; paste it here (if the log does not appear, you will find it at C:\ComboFix.txt)
- (If you are unsure about any of the steps above, ask, or look at the more detailed guide with pictures: http://www.bleepingcomputer.com/combofi ... t-combofix )
-
- Guest
- Posts: 3
- Registered: 30 Oct 2011 12:45
Re: Facebook virus
ComboFix 11-10-30.02 - Uživatel 30.10.2011 13:11:02.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2755 [GMT 1:00]
Spuštěný z: d:\tomas\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\UIVATE~1\LOCALS~1\Temp\8680409.exe
C:\test.txt
c:\windows\btc_client_iplist.txt
c:\windows\ehome\medctrro.exe
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\msmqinst.log
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\d3d9caps.dat
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\wiaservim.log
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 11:51 . 2011-10-30 12:02 -------- d-----w- C:\rsit
2011-10-30 11:51 . 2011-10-30 11:51 -------- d-----w- c:\program files\trend micro
2011-10-30 11:42 . 2011-10-30 11:58 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-30 11:34 . 2011-10-30 11:34 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-30 11:34 . 2011-10-30 11:34 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-30 11:32 . 2011-10-30 11:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-30 11:22 . 2011-10-30 11:22 -------- d-----w- c:\windows\ufa
2011-10-30 10:19 . 2011-10-30 10:19 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\AVG Secure Search
2011-10-30 09:54 . 2011-10-30 11:22 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 09:52 . 2011-10-30 11:36 -------- d-----w- c:\windows\av_ico
2011-10-30 09:50 . 2011-10-30 09:50 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 09:50 . 2011-10-30 09:50 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-10-27 08:20 . 2011-10-27 08:20 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Chromium
2011-10-27 08:10 . 2011-10-27 08:10 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\searchquband
2011-10-27 07:40 . 2011-10-27 07:40 -------- d-----w- c:\program files\Microsoft.NET
2011-10-22 14:49 . 2011-10-22 14:49 -------- d-----w- c:\program files\Dostihy 3000 Deluxe
2011-10-02 20:14 . 2011-10-02 20:14 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-02 20:14 . 2011-10-02 20:14 -------- d-----w- c:\documents and settings\Uživatel\SystemRequirementsLab
2011-09-30 13:23 . 2011-09-30 13:23 -------- d-----w- c:\documents and settings\Uivatel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2007-10-09 11:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 14:57 . 2011-09-08 14:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 14:10 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-23 19:10 . 2008-12-24 18:23 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-23 19:10 . 2009-02-21 07:11 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-23 19:10 . 2008-12-24 18:22 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-17 21:25 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-18 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-17 10:31 . 2008-12-24 18:22 189496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-12 11:51 . 2008-12-01 23:10 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-08 05:08 . 2011-03-01 12:25 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2011-01-16 742944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 14:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
2011-09-27 17:10 1700752 ----a-w- c:\progra~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 11:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-24 20:09 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-07 07:39 16862208 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-12-02 12:07 2957824 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-09-10 19:14 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 10:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-17 15:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
2011-10-30 09:39 1109504 ---h--w- c:\windows\update.tray-12-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Hry\\FlatOut2\\flatout2.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Chess\\Fritz\\ChessProgram8.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Stronghold 2\\Stronghold2.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"d:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Hry\\Left 4 Dead\\hl2.exe"=
"d:\\Hry\\Left 4 Dead\\left4dead.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Trackmania\\TmForever.exe"=
"d:\\Hry\\The Lord of the Rings-Conquest\\Conquest.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaWmp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"d:\\Hry\\Assassins Creed 2\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Assassins Creed 2\\AssassinsCreedII.exe"=
"d:\\Hry\\Assassins Creed 2\\UPlayBrowser.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\Hry\\Battle of the middle earth II\\game.dat"=
"c:\\Iso\\THAW\\Game\\THAW.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\gu.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\ACBMP.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"d:\\Hry\\Gta 4\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Hry\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"d:\\Hry\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Guitar Hero World Tour\\GHWT.exe"=
"d:\\Hry\\Opration flash point red river\\RedRiver.exe"=
"d:\\Hry\\Opration flash point red river\\RedRiverLauncher.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"d:\\Hry\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stronghold3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [24.12.2008 19:10 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [24.12.2008 19:10 5248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2755 [GMT 1:00]
Running from: d:\tomas\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\UIVATE~1\LOCALS~1\Temp\8680409.exe
C:\test.txt
c:\windows\btc_client_iplist.txt
c:\windows\ehome\medctrro.exe
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\msmqinst.log
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\d3d9caps.dat
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\wiaservim.log
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 11:51 . 2011-10-30 12:02 -------- d-----w- C:\rsit
2011-10-30 11:51 . 2011-10-30 11:51 -------- d-----w- c:\program files\trend micro
2011-10-30 11:42 . 2011-10-30 11:58 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-30 11:34 . 2011-10-30 11:34 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-30 11:34 . 2011-10-30 11:34 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-30 11:32 . 2011-10-30 11:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-30 11:22 . 2011-10-30 11:22 -------- d-----w- c:\windows\ufa
2011-10-30 10:19 . 2011-10-30 10:19 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\AVG Secure Search
2011-10-30 09:54 . 2011-10-30 11:22 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 09:52 . 2011-10-30 11:36 -------- d-----w- c:\windows\av_ico
2011-10-30 09:50 . 2011-10-30 09:50 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 09:50 . 2011-10-30 09:50 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-10-27 08:20 . 2011-10-27 08:20 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Chromium
2011-10-27 08:10 . 2011-10-27 08:10 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\searchquband
2011-10-27 07:40 . 2011-10-27 07:40 -------- d-----w- c:\program files\Microsoft.NET
2011-10-22 14:49 . 2011-10-22 14:49 -------- d-----w- c:\program files\Dostihy 3000 Deluxe
2011-10-02 20:14 . 2011-10-02 20:14 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-02 20:14 . 2011-10-02 20:14 -------- d-----w- c:\documents and settings\Uživatel\SystemRequirementsLab
2011-09-30 13:23 . 2011-09-30 13:23 -------- d-----w- c:\documents and settings\Uivatel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2007-10-09 11:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 14:57 . 2011-09-08 14:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 14:10 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-23 19:10 . 2008-12-24 18:23 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-23 19:10 . 2009-02-21 07:11 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-23 19:10 . 2008-12-24 18:22 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-17 21:25 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-18 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-17 10:31 . 2008-12-24 18:22 189496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-12 11:51 . 2008-12-01 23:10 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-08 05:08 . 2011-03-01 12:25 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2011-01-16 742944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 14:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
2011-09-27 17:10 1700752 ----a-w- c:\progra~1\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 11:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-24 20:09 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-07 07:39 16862208 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-12-02 12:07 2957824 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-09-10 19:14 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 10:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-17 15:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
2011-10-30 09:39 1109504 ---h--w- c:\windows\update.tray-12-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Hry\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Hry\\FlatOut2\\flatout2.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Chess\\Fritz\\ChessProgram8.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Stronghold 2\\Stronghold2.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"d:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Hry\\Left 4 Dead\\hl2.exe"=
"d:\\Hry\\Left 4 Dead\\left4dead.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Trackmania\\TmForever.exe"=
"d:\\Hry\\The Lord of the Rings-Conquest\\Conquest.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaWmp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"d:\\Hry\\Assassins Creed 2\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Assassins Creed 2\\AssassinsCreedII.exe"=
"d:\\Hry\\Assassins Creed 2\\UPlayBrowser.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\Hry\\Battle of the middle earth II\\game.dat"=
"c:\\Iso\\THAW\\Game\\THAW.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\gu.exe"=
"d:\\Hry\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\ACBMP.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Hry\\Assassins Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"d:\\Hry\\Gta 4\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Hry\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"d:\\Hry\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Guitar Hero World Tour\\GHWT.exe"=
"d:\\Hry\\Opration flash point red river\\RedRiver.exe"=
"d:\\Hry\\Opration flash point red river\\RedRiverLauncher.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"d:\\Hry\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stronghold3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [24.12.2008 19:10 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [24.12.2008 19:10 5248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2.12.2008 13:07 138752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.12.2008 18:22 247096]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [30.10.2011 12:42 111872]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2012\AVGIDSAgent.exe" --> c:\program files\AVG\AVG2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2012\avgwdsvc.exe" --> c:\program files\AVG\AVG2012\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate1c9d700853e326c;Služba Google Update (gupdate1c9d700853e326c);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2009 16:02 133104]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 cpuz130;cpuz130; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21.1.2010 20:41 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.5.2009 16:02 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-10-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-17 15:41]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:02]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:02]
.
2011-10-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-10 - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-6434735 - c:\windows\TEMP\6434735.exe
MSConfigStartUp-6709206 - c:\windows\TEMP\6709206.exe
MSConfigStartUp-8680409 - c:\docume~1\UIVATE~1\LOCALS~1\Temp\8680409.exe
MSConfigStartUp-9690240 - c:\windows\TEMP\9690240.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Rosso Rabbit in Trouble DEMO - d:\hry\Rosso Rabbit in Trouble DEMO\Uninstall\UNWISE.EXE
AddRemove-Santa Claus in trouble ...again! - Demo - d:\hry\Santa Claus in trouble ...again! - Demo\Uninstall\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 13:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1957994488-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:11,3d,9a,08,81,c1,bd,a6,5b,ff,b4,60,0d,b8,55,47,fb,e0,f3,d5,1b,
75,bc,8c,a1,ee,07,07,ff,87,a3,13,ad,aa,7c,ab,46,ae,9a,85,22,47,f7,82,81,5f,\
"rkeysecu"=hex:27,0f,5f,4a,26,2c,fa,db,85,0f,8a,c1,56,58,be,3c
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&de4d8cf&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):88,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,03,00,00,00,00,01,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,03,00,00,
00,01,01,11,00,60,00,00,00,00,00,00,00,01,00,00,00,01,01,11,00,64,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-10-30 13:18:20
ComboFix-quarantined-files.txt 2011-10-30 12:18
.
Pre-Run: 94 108 979 200 bytes free
Post-Run: 99 649 089 536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 895BF9E3B4EADA08D4C9A276D38843D6
chodnik74 (Forum Friend, 4975 posts, registered 13 Sep 2010, Napajedla)
Re: Facebook vir

Continue with the clean-up...

- Open Notepad (press the key combination WIN+R, type "notepad" without the quotes and press Enter)
- Paste the following script into it:
Code:
KillAll::

RegLock::
[HKEY_USERS\S-1-5-21-1960408961-1957994488-839522115-1003\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&de4d8cf&0\LogConf]

DDS::
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
Trusted Zone: mojebanka.cz\*

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\unrar.exe

Driver::
gupdatem
gupdate1c9d700853e326c
ICQ Service

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Folder::
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\windows\ufa
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk

Reboot::
- Save the file to the Desktop as CFScript.txt
- Then grab this file with the left mouse button, drag it onto the ComboFix icon and drop it
- ComboFix will then carry out all the operations and produce a new log; post it here