
CoinMiner

Carpenter
Guest
Posts: 8
Registered: 29 Jan 2005 16:52
Location: Plzeň

CoinMiner

#1 Post by Carpenter »

Hello,
A friend asked me to have a look at his notebook; he says it keeps stuttering. I found the CoinMiner virus on the system. Of course, he had tried to remove the virus by installing a second antivirus. Unfortunately, attempts to uninstall one of them end with an error. I have no idea how to proceed.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristyna at 2011-11-17 21:44:28
Microsoft Windows 7 Home Premium
System drive C: has 55 GB (53%) free of 102 GB
Total RAM: 4022 MB (69% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
taskeng.exe {46ACF232-14EA-4FC4-892F-BC47760F1797}
C:\Windows\update.1\svchost.exe srv
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\FSP\FspUip.exe"
"C:\Program Files (x86)\PowerStrip\PStrip.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Windows\update.tray-12-0\svchost.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\update.2\svchost.exe" stand
"C:\Windows\SysWOW64\reg.exe" add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /v AlternateShell /t REG_SZ /d services32.exe /f
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-83eb2fd4-ba4a-4ecd-ba84-f0eb2df338e0 -SystemEventPortName:HostProcess-dd6beb73-c8bb-4bfa-a575-0fb1c6be2a27 -IoCancelEventPortName:HostProcess-e7b7707f-dc42-4c94-b108-7fb809d816ca -NonStateChangingEventPortName:HostProcess-a3e7f7b9-da9d-422d-a13b-ce9a33a0559c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:36d500f7-82ff-412e-bd09-705de40d8b84
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\update.tray-3-0-lnk\svchost.exe" tray 3-0 1
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
"C:\Windows\update.tray-7-0-lnk\svchost.exe" tray 7-0 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\update.7.1\svchostdriver.exe" stand
"C:\Program Files\Windows Defender\MSASCui.exe" /ShowThreats
"D:\Program Files (x86)\RSITx64.exe"
C:\Windows\phoenix\phoenix.exe -k poclbm VECTORS BFI_INT AGGRESSION=5 -u http://127.0.0.1:45564 PLATFORM=2 DEVICE=0
\??\C:\Windows\system32\conhost.exe "139057511198698544-2019286100-1391722957768694542-1857012827-144998592-161180865
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://slirsredirect.search.aol.com/red ... 011&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@thrixxx.com/WebLaunch]
"Description"=thriXXX WebLaunch 1.0
"Path"=C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
nppdf32.dll
npWebLaunch.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default\extensions\
DTToolbar@toolbarnet.com
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default\searchplugins\
aol-web-search.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-09-16 1241552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-04-23 1529800]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-03-10 2079256]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-09-16 1241552]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-29 8123936]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-12-02 16414824]
"fspuip"=C:\Program Files\FSP\fspuip.exe [2009-12-14 3768832]
"SideBar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\Windows\l1rezerv.exe [2011-08-27 232960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\Windows\sysdriver32.exe [2011-11-02 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\Windows\sysdriver32_.exe [2011-11-02 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systemup]
C:\Windows\systemup.exe [2011-08-28 130560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
C:\Windows\update.tray-7-0\svchost.exe [2011-08-20 1182208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
C:\Windows\update.tray-3-0\svchost.exe [2011-08-20 1182208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-03-31 1125152]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HotKeyOSD"=C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe [2010-01-18 232528]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-11-20 284696]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NokiaMusic FastStart"=C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe [2010-03-04 2192672]
"wxpdrv"=C:\Windows\services32.exe [2011-08-20 1182208]
"tray_ico"= []
"tray_ico2"=C:\Windows\update.tray-12-0\svchost.exe [2011-08-20 1182208]
"tray_ico3"= []
"tray_ico4"= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"2663092.exe"=C:\Windows\Temp\2663092.exe [2011-10-30 1942528]
"6872324.exe"=C:\Windows\Temp\6872324.exe [2011-11-02 257024]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-11-02 257024]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-11-02 257024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Tenda W311U.lnk - C:\Program Files (x86)\Tenda\W311U\UI.exe

C:\Users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PowerStrip.lnk - C:\Program Files (x86)\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-17 21:44:30 ----D---- C:\Program Files\trend micro
2011-11-17 21:44:28 ----D---- C:\rsit
2011-11-17 21:09:03 ----D---- C:\Users\Kristyna\AppData\Roaming\GHISLER
2011-11-17 21:09:03 ----D---- C:\Program Files (x86)\totalcmd
2011-11-17 21:09:03 ----A---- C:\Windows\UC.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\RAR.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\PKZIP.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\PKUNZIP.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\NOCLOSE.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\LHA.PIF
2011-11-17 21:09:03 ----A---- C:\Windows\ARJ.PIF
2011-11-16 20:30:43 ----A---- C:\Windows\ntbtlog.txt
2011-11-13 19:31:06 ----D---- C:\Program Files (x86)\Microsoft Games
2011-11-09 16:41:24 ----A---- C:\Windows\system32\drivers\AegisP.sys
2011-11-09 16:41:23 ----A---- C:\Windows\system32\RaCoInstx.dll
2011-11-09 16:41:22 ----A---- C:\Windows\system32\RaCoInst.dat
2011-11-09 16:41:22 ----A---- C:\Windows\system32\drivers\netr28ux.sys

======List of files/folders modified in the last 1 month======

2011-11-17 21:44:46 ----D---- C:\Windows\Temp
2011-11-17 21:44:30 ----RD---- C:\Program Files
2011-11-17 21:33:55 ----D---- C:\Windows\ufa
2011-11-17 21:30:44 ----A---- C:\Windows\unrar.exe
2011-11-17 21:29:44 ----A---- C:\Windows\iecheck_iplist.txt
2011-11-17 21:28:07 ----A---- C:\Windows\iplist.txt
2011-11-17 21:28:03 ----A---- C:\Windows\btc_client_iplist.txt
2011-11-17 21:26:15 ----A---- C:\Users\Kristyna\AppData\Roaming\PStrip.ini
2011-11-17 21:26:15 ----A---- C:\Users\Kristyna\AppData\Roaming\PStrip.bak
2011-11-17 21:15:35 ----SHD---- C:\System Volume Information
2011-11-17 21:12:24 ----D---- C:\Windows\System32
2011-11-17 21:12:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-17 21:12:23 ----D---- C:\Windows\inf
2011-11-17 21:09:03 ----D---- C:\Windows
2011-11-17 21:09:03 ----D---- C:\Program Files (x86)
2011-11-14 01:19:33 ----D---- C:\Windows\system32\NDF
2011-11-13 19:00:02 ----D---- C:\Windows\Prefetch
2011-11-12 18:03:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-11-12 18:02:52 ----D---- C:\Windows\SysWOW64
2011-11-10 18:44:08 ----D---- C:\Windows\system32\drivers\etc
2011-11-10 18:36:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-09 16:43:17 ----HD---- C:\ProgramData
2011-11-09 16:43:13 ----SHD---- C:\Windows\Installer
2011-11-09 16:42:26 ----D---- C:\Windows\system32\drivers
2011-11-09 16:42:25 ----D---- C:\Windows\system32\catroot
2011-11-09 16:42:24 ----D---- C:\Windows\system32\DriverStore
2011-11-06 21:05:32 ----D---- C:\Users\Kristyna\AppData\Roaming\Skype
2011-11-06 19:27:29 ----D---- C:\ProgramData\Skype Extras
2011-11-06 16:04:30 ----D---- C:\Users\Kristyna\AppData\Roaming\skypePM
2011-11-05 09:08:00 ----D---- C:\Windows\system32\catroot2
2011-11-02 11:39:36 ----A---- C:\Windows\sysdriver32_.exe
2011-11-02 11:39:36 ----A---- C:\Windows\sysdriver32.exe
2011-10-29 11:36:38 ----D---- C:\Users\Kristyna\AppData\Roaming\Media Player Classic
2011-10-23 16:49:32 ----D---- C:\ProgramData\PMB Files
2011-10-22 20:23:42 ----D---- C:\Users\Kristyna\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-07-11 37456]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-11-20 537112]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-20 526392]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-07-11 282704]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
R1 PStrip64;PStrip64; C:\Windows\system32\drivers\pstrip64.sys [2006-09-30 13008]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2011-02-26 146704]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64; C:\Windows\system32\DRIVERS\fspad_wlh64.sys [2009-12-14 53248]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-29 2005024]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-10-21 66048]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-02-19 82816]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 abqrlcah;abqrlcah; C:\Windows\system32\drivers\abqrlcah.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-01-20 328232]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-02-15 102440]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-13 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-13 21544]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2008-08-21 797184]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-01-21 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2009-12-30 8704]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-12-30 8704]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-31 920352]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-20 382464]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-12-02 392296]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-11-17 347648]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-11-02 257024]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-20 1182208]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files (x86)\Eset\nod32krn.exe []
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe []
S2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-28 1255736]

-----------------EOF-----------------
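The RSIT process list and registry dump above contain several indicators that a defender can check mechanically rather than by eye: core Windows process names (svchost.exe) running from directories other than System32/SysWOW64, a reg.exe call that rewrites the Safe Mode AlternateShell, a process started with the poclbm GPU-mining kernel, and UAC policy values set to 0. The following Python triage script is an added example, not part of the original post and not a feature of RSIT; it parses a constructed excerpt of that log (lines copied from the post above) and reports those indicators. The image-name list, the system-directory list and the UAC policy table are the editor's assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of the RSIT log posted above: a handful of its
# "Listing Processes" and "Registry dump" lines, copied verbatim.
SAMPLE_LOG = r"""
======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\update.5.0\svchost.exe srv
"C:\Windows\update.2\svchost.exe" spamer
C:\Windows\sysdriver32.exe srv
"C:\Windows\SysWOW64\reg.exe" add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /v AlternateShell /t REG_SZ /d services32.exe /f
C:\Windows\phoenix\phoenix.exe -k poclbm VECTORS BFI_INT AGGRESSION=5 -u http://127.0.0.1:45564 PLATFORM=2 DEVICE=0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"""

# Core Windows process names that legitimately live only under the system
# directories (editor's list, not something RSIT provides).
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# UAC policy values whose "0" setting weakens elevation (editor's table).
UAC_POLICIES = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts do not use the secure desktop",
}

SECTION_RE = re.compile(r"^=+(.+?)=+$")        # ======Listing Processes======
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "EnableLUA"=0


def parse_sections(text):
    """Split an RSIT log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
        elif current is not None:
            sections[current].append(line)
    return sections


def split_command(line):
    """Return (normalised lower-case image path, argument string) for one process line."""
    if line.startswith('"'):                    # quoted path, may contain spaces
        end = line.find('"', 1)
        path, args = line[1:end], line[end + 1:]
    else:
        path, _, args = line.partition(" ")
    path = path.lower()
    for prefix in ("%systemroot%", r"\systemroot"):   # RSIT prints both forms
        if path.startswith(prefix):
            path = r"c:\windows" + path[len(prefix):]
    return path, args.strip()


def triage_processes(lines):
    """Flag process lines that match the indicators seen in the log above."""
    findings = []
    for line in lines:
        path, args = split_command(line)
        directory, _, image = path.rpartition("\\")
        lowered = args.lower()
        if image in SYSTEM_IMAGES and directory not in SYSTEM_DIRS:
            findings.append((path, "core system process name running outside System32/SysWOW64"))
        if image == "reg.exe" and "safeboot" in lowered and "alternateshell" in lowered:
            findings.append((path, "rewrites the Safe Mode AlternateShell (safe-mode persistence)"))
        if "poclbm" in lowered:
            findings.append((path, "started with the poclbm GPU-mining kernel"))
    return findings


def triage_policies(lines):
    """Flag UAC policy values under Policies\\System that are set to 0."""
    findings = []
    in_policy_key = False
    for line in lines:
        if line.startswith("["):               # registry key header
            in_policy_key = line.lower().endswith(r"\policies\system]")
            continue
        value = VALUE_RE.match(line)
        if in_policy_key and value and value.group(1) in UAC_POLICIES and value.group(2) == "0":
            findings.append((value.group(1), UAC_POLICIES[value.group(1)]))
    return findings


def triage(text):
    sections = parse_sections(text)
    return {
        "processes": triage_processes(sections.get("Listing Processes", [])),
        "policies": triage_policies(sections.get("Registry dump", [])),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        for item, reason in findings:
            print(f"[{kind}] {item}: {reason}")
```

Run against the excerpt, the script reports the two fake svchost.exe copies under C:\Windows\update.*, the reg.exe AlternateShell rewrite, the phoenix.exe miner launch and the three UAC policy values; the genuine System32 svchost.exe and firefox.exe lines produce nothing. On a full log the process check is the one to read first: a process named like a Windows core binary but located outside System32/SysWOW64 is almost never legitimate.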

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CoinMiner

#2 Post by Rudy »

Hello!
You have the classic FB virus. First run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, the virus can damage the system!

Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Carpenter
Guest
Posts: 8
Registered: 29 Jan 2005 16:52
Location: Plzeň

Re: CoinMiner

#3 Post by Carpenter »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8184

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.11.2011 22:40:10
mbam-log-2011-11-17 (22-40-02).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 318980
Uplynulý čas: 29 minut, 7 sekund

Infikované procesy v paměti: 15
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 4
Infikované složky: 2
Infikované soubory: 122

Infikované procesy v paměti:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1576 -> No action taken.
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 4220 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1816 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1896 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 1880 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 3324 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 3036 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 5008 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 2380 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 3760 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 1960 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2148 -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 2032 -> No action taken.
c:\Windows\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> 1524 -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> 4856 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2663092.exe (Trojan.Dropper.H) -> Value: 2663092.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6872324.exe (Trojan.Agent) -> Value: 6872324.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.

Infected folders:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
c:\program files (x86)\Save (Adware.WhenU) -> No action taken.

Infected files:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\2663092.exe (Trojan.Dropper.H) -> No action taken.
c:\Windows\Temp\6872324.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Users\Kristyna\AppData\Local\Nokia\nokia ovi player\20110612.log (Extension.Mismatch) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\23513_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\237030.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\27577_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\61096_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\839761.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\85333_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\8679548.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\91161_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-12-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\1053968.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2032588.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2289415.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3163983.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3259763.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4395131.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5128569.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5844100.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6225220.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6675844.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6756254.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7299286.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8338810.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9158184.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9619450.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9806840.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\2DintMMX.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\3DfpFPU.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\autoconstruct.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\CapMgrRC.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\Dir12.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\DVDMFRc.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\facedetection.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\h264enc_r.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\herwizard.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\herwizpgedit.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\imageanalysis.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\INETWH32.DLL (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\keyframemodulerc.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\libmmd.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfburnservice.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfdiscenumerator.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfmenurender.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfrelinkservice.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfsequenceservice.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mfsimulationservice.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mhtitleassist.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\modifymarktimerc.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\mspeeffectfunc.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\musicanalysis.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\panning_effect.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\skindetection.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\swfrender.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\u32usp.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uautoeditwrap.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ubaseobject.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\udvduser40lite.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\udvduserex40lite.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\UFCCOLOR.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ufcGetVF.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ufcvecomm.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ulauncher.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ulDARMgr.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ulprntp.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\ULSCRUB.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfComm2.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfcommdlg.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfcommon.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfnormaledittask.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfpagemgr.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfresource.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umftaskmgr.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\umfwidget.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uOverlay.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\Upfmgr.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uplcpuinf.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\upldiskinf.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\upliabog.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\upliabom.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\upliabox.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\upliabox2.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uvipl.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uviplA6.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uviplM6.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uviplP6.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uviplPX.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\uviplW7.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\VfxIMGRC.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\vfxrc.dll (Spyware.OnlineGames) -> No action taken.
c:\program files (x86)\videoanalysis.dll (Spyware.OnlineGames) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\program files (x86)\Save\automatické ukládání .savc (Adware.WhenU) -> No action taken.
c:\program files (x86)\Save\začít misi .savc (Adware.WhenU) -> No action taken.
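
A small triage script for log lines of the kind in the MBAM output above, added here as an example; it is not part of the original post and not a Malwarebytes tool. It assumes only the `<item> (<detection>) -> ... -> <action>` line shape visible in the log. The sample lines embedded in it are constructed copies of that shape, and the reasons it attaches (an svchost.exe living outside System32, SafeBoot\AlternateShell pointing at something other than cmd.exe, Security Center notifications switched off, a service registered under SafeBoot so it survives Safe Mode, executables staged in Windows\Temp, miner components) are the things a responder wants flagged before deciding what to delete and in which order.

```python
"""Triage helper for Malwarebytes (MBAM) log lines of the kind posted above.

Added example, not part of the original forum post or of Malwarebytes.
Parses '<item> (<detection>) -> ... -> <action>' lines and attaches a short
reason why each finding matters before anything is deleted.  The sample log
at the bottom is constructed to mirror the line shapes in the posted log.
"""
import re
from dataclasses import dataclass, field

# <item> (<detection>) -> [<pid> ->] [Value: x ->] [Bad: (x) Good: (y) ->] <action>
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")   # where svchost.exe belongs
DROP_DIRS = ("\\windows\\temp\\", "\\users\\", "\\appdata\\")     # user-writable staging areas


@dataclass
class Finding:
    item: str
    detection: str
    action: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if self.reasons else "info"


def classify(item: str, detection: str, rest: str) -> list:
    """Return the triage reasons for one finding (empty list = nothing notable)."""
    low = item.lower()
    reasons = []
    if low.endswith("\\svchost.exe") and not any(d in low for d in SYSTEM_DIRS):
        reasons.append("svchost.exe outside System32/SysWOW64: name masquerade")
    if "\\safeboot\\" in low and low.endswith("\\alternateshell"):
        m = BAD_GOOD_RE.search(rest)
        if m and m.group("bad").lower() != m.group("good").lower():
            reasons.append(f"Safe Mode shell replaced: {m.group('bad')} instead of {m.group('good')}")
    elif "\\safeboot\\" in low:
        reasons.append("service registered under SafeBoot: survives Safe Mode")
    if "security center\\" in low and low.endswith("disablenotify"):
        m = BAD_GOOD_RE.search(rest)
        if m and m.group("bad") == "1":
            reasons.append("Security Center warning suppressed")
    if "\\currentversion\\run\\" in low:
        reasons.append("autostart entry (Run key)")
    if low.startswith("c:\\") and low.endswith(".exe") and any(d in low for d in DROP_DIRS):
        reasons.append("executable staged in a temp/user-writable directory")
    if "miner" in low or "miner" in detection.lower():
        reasons.append("cryptocurrency mining component")
    return reasons


def parse_line(line: str):
    """Parse one MBAM result line into a Finding; headers and blank lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    action = rest.rsplit("-> ", 1)[-1].rstrip(".")
    return Finding(m.group("item"), m.group("detection"), action,
                   classify(m.group("item"), m.group("detection"), rest))


def triage(log_text: str) -> list:
    """Parse a whole log excerpt, keeping findings in log order."""
    return [f for f in map(parse_line, log_text.splitlines()) if f is not None]


# Constructed sample, modeled on the shapes of lines in the posted MBAM log.
SAMPLE_LOG = r"""
Infected registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
Infected registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2663092.exe (Trojan.Dropper.H) -> Value: 2663092.exe -> No action taken.
Infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.
Infected files:
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> No action taken.
c:\Windows\Temp\2663092.exe (Trojan.Dropper.H) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.detection}: {f.item}")
        for r in f.reasons:
            print(f"    - {r}")
```

The point of the AlternateShell check is ordering: with the Safe Mode shell pointing at services32.exe, booting to Safe Mode with Command Prompt would relaunch the dropper, so that value and the SafeBoot service keys are the first things to fix, not the last.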

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CoinMiner

#4 Post by Rudy »

Good grief! Besides the CF virus, there is plenty more in there. Delete everything MBAM found, restart the PC, and for the final cleanup post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the license terms appears; continue by clicking the Yes button

feel free to go and make a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware leads to unwanted collisions with the antispyware's resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Carpenter
Guest
Posts: 8
Registered: 29 Jan 2005 16:52
Location: Plzeň

Re: CoinMiner

#5 Post by Carpenter »

ComboFix 11-11-17.03 - Kristyna 17.11.2011 22:59:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4022.3084 [GMT 1:00]
Run from: d:\program files (x86)\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kristyna\AppData\Roaming\inst.exe
c:\users\Kristyna\videos\DTLite4413-0173.exe
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\UA000079.DLL
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 21:59 . 2011-11-17 21:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59428959-D006-4EEB-BD87-6A2D0E78E40D}\offreg.dll
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Malwarebytes
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 21:08 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 20:44 . 2011-11-17 20:44 -------- d-----w- c:\program files\trend micro
2011-11-17 20:44 . 2011-11-17 20:45 -------- d-----w- C:\rsit
2011-11-17 20:11 . 2011-11-17 20:11 -------- d-----w- c:\users\Kristyna\AppData\Local\GHISLER
2011-11-17 20:09 . 2011-11-17 20:11 -------- d-----w- c:\program files (x86)\totalcmd
2011-11-17 20:09 . 2011-11-17 20:09 -------- d-----w- c:\users\Kristyna\AppData\Roaming\GHISLER
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\UC.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\RAR.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\LHA.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\ARJ.PIF
2011-11-13 18:31 . 2011-11-13 18:31 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-11-09 15:41 . 2011-11-09 15:41 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-09 15:41 . 2008-08-21 10:44 305664 ----a-w- c:\windows\system32\RaCoInstx.dll
2011-11-09 15:41 . 2008-08-21 10:57 797184 ----a-w- c:\windows\system32\drivers\netr28ux.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 20:30 . 2011-08-20 15:29 246272 ----a-w- c:\windows\unrar.exe
2011-09-14 18:18 . 2011-09-14 18:18 0 ----a-w- c:\windows\system32\tlx7B18.tmp
2011-09-14 18:06 . 2011-09-14 18:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-13 00:26 . 2011-10-14 16:48 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59428959-D006-4EEB-BD87-6A2D0E78E40D}\mpengine.dll
2011-09-03 21:02 . 2011-09-03 21:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 11:29 . 2011-09-18 14:24 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-01 11:19 . 2011-09-18 14:24 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-09-01 11:19 . 2011-09-18 14:24 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-09-01 11:19 . 2011-09-18 14:24 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-09-01 11:18 . 2011-09-18 14:24 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2007-03-16 09:46 . 2007-03-15 13:17 1254896 ------w- c:\program files (x86)\vstudio.exe
2007-03-16 09:40 . 2007-03-15 13:17 1404928 ------w- c:\program files (x86)\vstudio.lod
2007-03-16 09:40 . 2007-03-15 13:17 3084288 ------w- c:\program files (x86)\vstudio.dat
2007-03-16 09:40 . 2007-03-15 13:17 1024 ------w- c:\program files (x86)\vstudio.bin
2007-03-09 19:27 . 2007-03-09 19:27 321008 ------w- c:\program files (x86)\uvMPEG2.dll
2007-03-08 17:54 . 2007-03-08 17:54 1496560 ------w- c:\program files (x86)\HerDocdll.dll
2007-03-08 17:54 . 2007-03-08 17:54 128496 ------w- c:\program files (x86)\uvDV.dll
2007-03-08 07:00 . 2007-03-08 07:00 31728 ------w- c:\program files (x86)\PanZoomEngine.dll
2007-03-06 16:01 . 2007-03-06 16:01 562672 ------w- c:\program files (x86)\afdwMenuTool.dll
2007-03-05 15:49 . 2007-03-05 15:49 230896 ------w- c:\program files (x86)\DV2DVDWizardPage2.dll
2007-03-05 15:48 . 2007-03-05 15:48 87536 ------w- c:\program files (x86)\DV2DVDAPlanBurningModule.dll
2007-03-03 12:28 . 2007-03-03 12:28 497136 ------w- c:\program files (x86)\u32Prod.dll
2007-03-03 12:23 . 2007-03-03 12:23 136688 ------w- c:\program files (x86)\wWebComp.dll
2007-03-03 12:23 . 2007-03-03 12:23 337392 ------w- c:\program files (x86)\VioRC.dll
2007-03-03 12:23 . 2007-03-03 12:23 173552 ------w- c:\program files (x86)\VfxATRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 304624 ------w- c:\program files (x86)\vftrc.dll
2007-03-03 12:22 . 2007-03-03 12:22 423408 ------w- c:\program files (x86)\vftatrc.dll
2007-03-03 12:22 . 2007-03-03 12:22 103920 ------w- c:\program files (x86)\Vft32rc.dll
2007-03-03 12:22 . 2007-03-03 12:22 525808 ------w- c:\program files (x86)\veui32rc.dll
2007-03-03 12:22 . 2007-03-03 12:22 50672 ------w- c:\program files (x86)\uwUpdate.dll
2007-03-03 12:22 . 2007-03-03 12:22 17392 ------w- c:\program files (x86)\uvVIOCapShareModuleRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 280048 ------w- c:\program files (x86)\UvUserRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 13296 ------w- c:\program files (x86)\uVioWrapRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 20464 ------w- c:\program files (x86)\uvCaptureRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 45552 ------w- c:\program files (x86)\uTextToolRc.dll
2007-03-03 12:22 . 2007-03-03 12:22 15856 ------w- c:\program files (x86)\uSmartSndMgrRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 132592 ------w- c:\program files (x86)\upview.dll
2007-03-03 12:22 . 2007-03-03 12:22 17904 ------w- c:\program files (x86)\upfMgrRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 91632 ------w- c:\program files (x86)\umfMediabaseRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 32240 ------w- c:\program files (x86)\ulVideoEditRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 15344 ------w- c:\program files (x86)\ULSCRUBRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 202224 ------w- c:\program files (x86)\ULPRNTPRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 22000 ------w- c:\program files (x86)\ulPrevRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 325104 ------w- c:\program files (x86)\uLauncherRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 108016 ------w- c:\program files (x86)\Ul3dui32.dll
2007-03-03 12:21 . 2007-03-03 12:21 10736 ------w- c:\program files (x86)\uiNetRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 19952 ------w- c:\program files (x86)\uImportDVDUserCtrlRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 32752 ------w- c:\program files (x86)\uImportDVDUIRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\uImportDVDPlugInRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 611824 ------w- c:\program files (x86)\ufctxeffrc.dll
2007-03-03 12:20 . 2007-03-03 12:20 19440 ------w- c:\program files (x86)\ufcGetVFRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\UFCCOMMRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 17904 ------w- c:\program files (x86)\UFCCOLORRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 132592 ------w- c:\program files (x86)\UFCAUDRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\uDVDUserREx40Lite.dll
2007-03-03 12:20 . 2007-03-03 12:20 21488 ------w- c:\program files (x86)\uDVDUserREx.dll
2007-03-03 12:20 . 2007-03-03 12:20 13808 ------w- c:\program files (x86)\uDVDUSerR.dll
2007-03-03 12:20 . 2007-03-03 12:20 17392 ------w- c:\program files (x86)\uDVDCommRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 17904 ------w- c:\program files (x86)\uDVDCaptureRc.dll
2007-03-03 12:20 . 2007-03-03 12:20 16368 ------w- c:\program files (x86)\uDMFGUIRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 25072 ------w- c:\program files (x86)\udlFileRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15344 ------w- c:\program files (x86)\uBatchCvtRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 18928 ------w- c:\program files (x86)\uAutoEditWrapRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 79344 ------w- c:\program files (x86)\u32xView.dll
2007-03-03 12:20 . 2007-03-03 12:20 16368 ------w- c:\program files (x86)\U32USPRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 24048 ------w- c:\program files (x86)\u32uscRES.dll
2007-03-03 12:20 . 2007-03-03 12:20 18928 ------w- c:\program files (x86)\u32freedbRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 275952 ------w- c:\program files (x86)\u32FeUI_s.dll
2007-03-03 12:19 . 2007-03-03 12:19 67056 ------w- c:\program files (x86)\u32AudCvtRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 570864 ------w- c:\program files (x86)\type_eff.dll
2007-03-03 12:19 . 2007-03-03 12:19 83440 ------w- c:\program files (x86)\TitlePlugRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 132592 ------w- c:\program files (x86)\TgeDllRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 26096 ------w- c:\program files (x86)\save_ani.dll
2007-03-03 12:19 . 2007-03-03 12:19 726512 ------w- c:\program files (x86)\PPPRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 71152 ------w- c:\program files (x86)\PEXSLIDE_Res.dll
2007-03-03 12:19 . 2007-03-03 12:19 15344 ------w- c:\program files (x86)\PEXEXIF_Res.dll
2007-03-03 12:19 . 2007-03-03 12:19 48112 ------w- c:\program files (x86)\MPEG_VioRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 15344 ------w- c:\program files (x86)\IDvPreScanRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 943600 ------w- c:\program files (x86)\HerWizardRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 214512 ------w- c:\program files (x86)\herrc.dll
2007-03-03 12:19 . 2007-03-03 12:19 45040 ------w- c:\program files (x86)\HerDocRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 325104 ------w- c:\program files (x86)\DV2DVDWizardRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 28144 ------w- c:\program files (x86)\DV2DVDWizardPage2RC.dll
2007-03-03 12:19 . 2007-03-03 12:19 22000 ------w- c:\program files (x86)\DV2DVDWizardPage1RC.dll
2007-03-03 12:19 . 2007-03-03 12:19 18928 ------w- c:\program files (x86)\DrawingRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 19952 ------w- c:\program files (x86)\DeviceSyncUIRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15344 ------w- c:\program files (x86)\DeviceSyncMgrRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 25072 ------w- c:\program files (x86)\CuDAC32.dll
2007-03-03 12:18 . 2007-03-03 12:18 189936 ------w- c:\program files (x86)\CU3PDVR_HDV_RC.dll
2007-03-03 12:18 . 2007-03-03 12:18 10224 ------w- c:\program files (x86)\BatchDLRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 239088 ------w- c:\program files (x86)\AIKRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 148976 ------w- c:\program files (x86)\AftRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 13808 ------w- c:\program files (x86)\Aft32RC.dll
2007-03-03 12:18 . 2007-03-03 12:18 136688 ------w- c:\program files (x86)\afMenuEditToolRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15344 ------w- c:\program files (x86)\afMenuEditingRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15856 ------w- c:\program files (x86)\afksMDTIORC.dll
2007-03-03 12:18 . 2007-03-03 12:18 75248 ------w- c:\program files (x86)\afdwMenuToolRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 16880 ------w- c:\program files (x86)\afDVDBurnCommRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15856 ------w- c:\program files (x86)\afCvtMotionMenuMgrRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 91632 ------w- c:\program files (x86)\afCommRC.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47 2079256 ------w- c:\program files (x86)\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotKeyOSD"="c:\program files (x86)\Hotkey OSD Driver\HotKeyOSD.exe" [2010-01-18 232528]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files (x86)\PowerStrip\PStrip.exe [2011-4-27 742944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Tenda W311U.lnk - c:\program files (x86)\Tenda\W311U\UI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UVS11 Preload"=c:\program files (x86)\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 10:25]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-29 8123936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 16414824]
"SideBar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 89.102.129.14:80
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110327084704606&tb_oid=27-03-2011&tb_mrud=27-03-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110327084704606&tb_oid=27-03-2011&tb_mrud=27-03-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-TuneUp Utilities 2011 - c:\program files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-17 23:06:24
ComboFix-quarantined-files.txt 2011-11-17 22:06
.
Před spuštěním: Volných bajtů: 57 058 054 144
Po spuštění: Volných bajtů: 56 577 781 760
.
- - End Of File - - 0134A9DDD79270D16E3507123F2AE6B5

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CoinMiner

#6 Post by Rudy »

Let's clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\unrar.exe

Firefox::
FF - ProfilePath - c:\users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110327084704606&tb_oid=27-03-2011&tb_mrud=27-03-2011&query=
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/red ... 011&query=
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Carpenter
Visitor
Posts: 8
Registered: 29 Jan 2005 16:52
Location: Plzeň

Re: CoinMiner

#7 Post by Carpenter »

Just to be safe, I'm also sending the log from ComboFix:

ComboFix 11-11-18.02 - Kristyna 18.11.2011 21:08:29.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4022.2619 [GMT 1:00]
Spuštěný z: c:\users\Kristyna\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kristyna\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-18 do 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 20:13 . 2011-11-18 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Malwarebytes
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 21:08 . 2011-11-17 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 21:08 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 20:44 . 2011-11-17 20:44 -------- d-----w- c:\program files\trend micro
2011-11-17 20:44 . 2011-11-17 20:45 -------- d-----w- C:\rsit
2011-11-17 20:11 . 2011-11-17 20:11 -------- d-----w- c:\users\Kristyna\AppData\Local\GHISLER
2011-11-17 20:09 . 2011-11-17 20:11 -------- d-----w- c:\program files (x86)\totalcmd
2011-11-17 20:09 . 2011-11-17 20:09 -------- d-----w- c:\users\Kristyna\AppData\Roaming\GHISLER
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\UC.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\RAR.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\LHA.PIF
2011-11-17 20:09 . 2009-07-16 06:50 545 ----a-w- c:\windows\ARJ.PIF
2011-11-13 18:31 . 2011-11-13 18:31 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-11-09 15:41 . 2011-11-09 15:41 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-09 15:41 . 2008-08-21 10:44 305664 ----a-w- c:\windows\system32\RaCoInstx.dll
2011-11-09 15:41 . 2008-08-21 10:57 797184 ----a-w- c:\windows\system32\drivers\netr28ux.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 04:06 . 2011-09-03 21:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-14 18:18 . 2011-09-14 18:18 0 ----a-w- c:\windows\system32\tlx7B18.tmp
2011-09-14 18:06 . 2011-09-14 18:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-13 00:26 . 2011-10-14 16:48 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59428959-D006-4EEB-BD87-6A2D0E78E40D}\mpengine.dll
2011-09-01 11:29 . 2011-09-18 14:24 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-01 11:19 . 2011-09-18 14:24 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-09-01 11:19 . 2011-09-18 14:24 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-09-01 11:19 . 2011-09-18 14:24 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-09-01 11:18 . 2011-09-18 14:24 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2007-03-16 09:46 . 2007-03-15 13:17 1254896 ------w- c:\program files (x86)\vstudio.exe
2007-03-16 09:40 . 2007-03-15 13:17 1404928 ------w- c:\program files (x86)\vstudio.lod
2007-03-16 09:40 . 2007-03-15 13:17 3084288 ------w- c:\program files (x86)\vstudio.dat
2007-03-16 09:40 . 2007-03-15 13:17 1024 ------w- c:\program files (x86)\vstudio.bin
2007-03-09 19:27 . 2007-03-09 19:27 321008 ------w- c:\program files (x86)\uvMPEG2.dll
2007-03-08 17:54 . 2007-03-08 17:54 1496560 ------w- c:\program files (x86)\HerDocdll.dll
2007-03-08 17:54 . 2007-03-08 17:54 128496 ------w- c:\program files (x86)\uvDV.dll
2007-03-08 07:00 . 2007-03-08 07:00 31728 ------w- c:\program files (x86)\PanZoomEngine.dll
2007-03-06 16:01 . 2007-03-06 16:01 562672 ------w- c:\program files (x86)\afdwMenuTool.dll
2007-03-05 15:49 . 2007-03-05 15:49 230896 ------w- c:\program files (x86)\DV2DVDWizardPage2.dll
2007-03-05 15:48 . 2007-03-05 15:48 87536 ------w- c:\program files (x86)\DV2DVDAPlanBurningModule.dll
2007-03-03 12:28 . 2007-03-03 12:28 497136 ------w- c:\program files (x86)\u32Prod.dll
2007-03-03 12:23 . 2007-03-03 12:23 136688 ------w- c:\program files (x86)\wWebComp.dll
2007-03-03 12:23 . 2007-03-03 12:23 337392 ------w- c:\program files (x86)\VioRC.dll
2007-03-03 12:23 . 2007-03-03 12:23 173552 ------w- c:\program files (x86)\VfxATRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 304624 ------w- c:\program files (x86)\vftrc.dll
2007-03-03 12:22 . 2007-03-03 12:22 423408 ------w- c:\program files (x86)\vftatrc.dll
2007-03-03 12:22 . 2007-03-03 12:22 103920 ------w- c:\program files (x86)\Vft32rc.dll
2007-03-03 12:22 . 2007-03-03 12:22 525808 ------w- c:\program files (x86)\veui32rc.dll
2007-03-03 12:22 . 2007-03-03 12:22 50672 ------w- c:\program files (x86)\uwUpdate.dll
2007-03-03 12:22 . 2007-03-03 12:22 17392 ------w- c:\program files (x86)\uvVIOCapShareModuleRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 280048 ------w- c:\program files (x86)\UvUserRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 13296 ------w- c:\program files (x86)\uVioWrapRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 20464 ------w- c:\program files (x86)\uvCaptureRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 45552 ------w- c:\program files (x86)\uTextToolRc.dll
2007-03-03 12:22 . 2007-03-03 12:22 15856 ------w- c:\program files (x86)\uSmartSndMgrRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 132592 ------w- c:\program files (x86)\upview.dll
2007-03-03 12:22 . 2007-03-03 12:22 17904 ------w- c:\program files (x86)\upfMgrRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 91632 ------w- c:\program files (x86)\umfMediabaseRC.dll
2007-03-03 12:22 . 2007-03-03 12:22 32240 ------w- c:\program files (x86)\ulVideoEditRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 15344 ------w- c:\program files (x86)\ULSCRUBRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 202224 ------w- c:\program files (x86)\ULPRNTPRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 22000 ------w- c:\program files (x86)\ulPrevRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 325104 ------w- c:\program files (x86)\uLauncherRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 108016 ------w- c:\program files (x86)\Ul3dui32.dll
2007-03-03 12:21 . 2007-03-03 12:21 10736 ------w- c:\program files (x86)\uiNetRC.dll
2007-03-03 12:21 . 2007-03-03 12:21 19952 ------w- c:\program files (x86)\uImportDVDUserCtrlRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 32752 ------w- c:\program files (x86)\uImportDVDUIRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\uImportDVDPlugInRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 611824 ------w- c:\program files (x86)\ufctxeffrc.dll
2007-03-03 12:20 . 2007-03-03 12:20 19440 ------w- c:\program files (x86)\ufcGetVFRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\UFCCOMMRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 17904 ------w- c:\program files (x86)\UFCCOLORRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 132592 ------w- c:\program files (x86)\UFCAUDRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15856 ------w- c:\program files (x86)\uDVDUserREx40Lite.dll
2007-03-03 12:20 . 2007-03-03 12:20 21488 ------w- c:\program files (x86)\uDVDUserREx.dll
2007-03-03 12:20 . 2007-03-03 12:20 13808 ------w- c:\program files (x86)\uDVDUSerR.dll
2007-03-03 12:20 . 2007-03-03 12:20 17392 ------w- c:\program files (x86)\uDVDCommRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 17904 ------w- c:\program files (x86)\uDVDCaptureRc.dll
2007-03-03 12:20 . 2007-03-03 12:20 16368 ------w- c:\program files (x86)\uDMFGUIRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 25072 ------w- c:\program files (x86)\udlFileRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 15344 ------w- c:\program files (x86)\uBatchCvtRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 18928 ------w- c:\program files (x86)\uAutoEditWrapRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 79344 ------w- c:\program files (x86)\u32xView.dll
2007-03-03 12:20 . 2007-03-03 12:20 16368 ------w- c:\program files (x86)\U32USPRC.dll
2007-03-03 12:20 . 2007-03-03 12:20 24048 ------w- c:\program files (x86)\u32uscRES.dll
2007-03-03 12:20 . 2007-03-03 12:20 18928 ------w- c:\program files (x86)\u32freedbRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 275952 ------w- c:\program files (x86)\u32FeUI_s.dll
2007-03-03 12:19 . 2007-03-03 12:19 67056 ------w- c:\program files (x86)\u32AudCvtRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 570864 ------w- c:\program files (x86)\type_eff.dll
2007-03-03 12:19 . 2007-03-03 12:19 83440 ------w- c:\program files (x86)\TitlePlugRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 132592 ------w- c:\program files (x86)\TgeDllRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 26096 ------w- c:\program files (x86)\save_ani.dll
2007-03-03 12:19 . 2007-03-03 12:19 726512 ------w- c:\program files (x86)\PPPRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 71152 ------w- c:\program files (x86)\PEXSLIDE_Res.dll
2007-03-03 12:19 . 2007-03-03 12:19 15344 ------w- c:\program files (x86)\PEXEXIF_Res.dll
2007-03-03 12:19 . 2007-03-03 12:19 48112 ------w- c:\program files (x86)\MPEG_VioRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 15344 ------w- c:\program files (x86)\IDvPreScanRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 943600 ------w- c:\program files (x86)\HerWizardRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 214512 ------w- c:\program files (x86)\herrc.dll
2007-03-03 12:19 . 2007-03-03 12:19 45040 ------w- c:\program files (x86)\HerDocRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 325104 ------w- c:\program files (x86)\DV2DVDWizardRC.dll
2007-03-03 12:19 . 2007-03-03 12:19 28144 ------w- c:\program files (x86)\DV2DVDWizardPage2RC.dll
2007-03-03 12:19 . 2007-03-03 12:19 22000 ------w- c:\program files (x86)\DV2DVDWizardPage1RC.dll
2007-03-03 12:19 . 2007-03-03 12:19 18928 ------w- c:\program files (x86)\DrawingRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 19952 ------w- c:\program files (x86)\DeviceSyncUIRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15344 ------w- c:\program files (x86)\DeviceSyncMgrRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 25072 ------w- c:\program files (x86)\CuDAC32.dll
2007-03-03 12:18 . 2007-03-03 12:18 189936 ------w- c:\program files (x86)\CU3PDVR_HDV_RC.dll
2007-03-03 12:18 . 2007-03-03 12:18 10224 ------w- c:\program files (x86)\BatchDLRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 239088 ------w- c:\program files (x86)\AIKRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 148976 ------w- c:\program files (x86)\AftRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 13808 ------w- c:\program files (x86)\Aft32RC.dll
2007-03-03 12:18 . 2007-03-03 12:18 136688 ------w- c:\program files (x86)\afMenuEditToolRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15344 ------w- c:\program files (x86)\afMenuEditingRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15856 ------w- c:\program files (x86)\afksMDTIORC.dll
2007-03-03 12:18 . 2007-03-03 12:18 75248 ------w- c:\program files (x86)\afdwMenuToolRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 16880 ------w- c:\program files (x86)\afDVDBurnCommRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 15856 ------w- c:\program files (x86)\afCvtMotionMenuMgrRC.dll
2007-03-03 12:18 . 2007-03-03 12:18 91632 ------w- c:\program files (x86)\afCommRC.dll
2007-03-03 12:13 . 2007-03-03 12:13 67056 ------w- c:\program files (x86)\XProfileAgent.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_22.04.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-13 17:48 . 2011-11-18 20:00 55556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-17 21:58 35442 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-18 20:00 35442 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-19 11:23 . 2011-11-18 20:00 14506 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3887654163-1173750730-3405244591-1000_UserData.bin
- 2011-02-19 11:23 . 2011-11-17 21:58 14506 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3887654163-1173750730-3405244591-1000_UserData.bin
- 2011-02-19 11:29 . 2011-11-17 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-19 11:29 . 2011-11-18 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-13 18:01 . 2011-11-18 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-13 18:01 . 2011-11-17 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 20:14 . 2011-11-18 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-17 21:56 . 2011-11-17 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-17 21:56 . 2011-11-17 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-18 20:14 . 2011-11-18 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 21:02 . 2011-09-03 21:02 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-11-18 20:05 . 2011-10-03 04:06 157472 c:\windows\SysWOW64\javaws.exe
- 2011-09-03 21:02 . 2011-09-03 21:02 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-11-18 20:05 . 2011-10-03 04:06 145184 c:\windows\SysWOW64\javaw.exe
- 2011-09-03 21:02 . 2011-09-03 21:02 145184 c:\windows\SysWOW64\java.exe
+ 2011-11-18 20:05 . 2011-10-03 04:06 145184 c:\windows\SysWOW64\java.exe
- 2009-07-14 05:01 . 2011-11-17 21:55 405992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-18 20:13 405992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-03 21:12 . 2011-11-17 21:55 1184752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3887654163-1173750730-3405244591-1000-12288.dat
+ 2011-04-03 21:12 . 2011-11-18 20:13 1184752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3887654163-1173750730-3405244591-1000-12288.dat
+ 2009-07-14 02:34 . 2011-11-18 20:11 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-29 19:08 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47 2079256 ------w- c:\program files (x86)\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotKeyOSD"="c:\program files (x86)\Hotkey OSD Driver\HotKeyOSD.exe" [2010-01-18 232528]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Kristyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - c:\program files (x86)\PowerStrip\PStrip.exe [2011-4-27 742944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Tenda W311U.lnk - c:\program files (x86)\Tenda\W311U\UI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UVS11 Preload"=c:\program files (x86)\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 10:25]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShA64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-29 8123936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 16414824]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
"SideBar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 89.102.129.14:80
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Kristyna\AppData\Roaming\Mozilla\Firefox\Profiles\wugo66c8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
.
**************************************************************************
.
Completion time: 2011-11-18 21:18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 20:18
ComboFix2.txt 2011-11-17 22:06
.
Pre-Run: 56 587 255 808 bytes free
Post-Run: 56 209 891 328 bytes free
.
- - End Of File - - D0F84B2888B5C2DC047D5C2CAEF06900

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CoinMiner

#8 Post by Rudy »

That should all be gone now. Uninstall CF via Start menu > command line, type combofix /uninstall > OK. MBAM can be uninstalled the usual way via Programs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Carpenter
Visitor

Re: CoinMiner

#9 Post by Carpenter »

Well, I don't know. For a while it looked good. I installed system updates and, lo and behold, I don't have the BITS service that is needed to download updates. All the guides failed. I don't have that service at all.

Rudy
Site Admin

Re: CoinMiner

#10 Post by Rudy »

Open Notepad and copy this into it:
REGEDIT4

; hex(2) = REG_EXPAND_SZ, ANSI bytes, NUL-terminated
; ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ObjectName"="LocalSystem"

; ServiceDll = %SystemRoot%\system32\qmgr.dll (svchost needs this to load BITS)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,73,79,73,74,65,6D,\
  33,32,5C,71,6D,67,72,2E,64,6C,6C,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ObjectName"="LocalSystem"

; ServiceDll = %SystemRoot%\system32\wuaueng.dll (svchost needs this to load wuauserv)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,73,79,73,74,65,6D,\
  33,32,5C,77,75,61,75,65,6E,67,2E,64,6C,6C,00
Save it to the desktop as oprava.reg and double-click it to merge it.
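Before merging a registry script pasted from a forum, a practitioner would want to see exactly what it writes and whether it is enough to bring a service back. The following is an added example, not code from this thread: a small Python parser that rejects a bad header (regedit accepts only REGEDIT4 or Windows Registry Editor Version 5.00), decodes the hex(2) REG_EXPAND_SZ bytes into readable paths, and reports any svchost-hosted service defined without a Parameters\ServiceDll value, which svchost needs in order to load the service DLL. The sample script inside it is constructed; the cp1252 code page used for REGEDIT4 strings is an assumption for Western-locale systems.

```python
"""Inspect a .reg script before merging it: validate the header, decode
hex(2) (REG_EXPAND_SZ) bytes, and report svchost-hosted services defined
without Parameters\\ServiceDll. Added example, not code from the thread."""
import re

# Header -> encoding of hex(2) byte strings: REGEDIT4 uses the system ANSI
# code page (cp1252 assumed here), version 5.00 uses UTF-16LE.
HEADERS = {"REGEDIT4": "cp1252",
           "Windows Registry Editor Version 5.00": "utf-16-le"}
SERVICES_ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\"


def _join_continuations(lines):
    """Merge hex lines ending in a backslash with the line that follows."""
    out, buf = [], ""
    for line in lines:
        s = line.strip()
        if s.endswith("\\"):
            buf += s[:-1].strip()
        else:
            out.append(buf + s)
            buf = ""
    return out + ([buf] if buf else [])


def _decode_value(raw, encoding):
    """Return (type name, decoded value) for the data part of one value."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[len("dword:"):], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or 3)                 # bare hex: is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind == 2:                               # REG_EXPAND_SZ, NUL-terminated
            return "REG_EXPAND_SZ", data.decode(encoding).split("\x00")[0]
        return "hex(%d)" % kind, data
    raise ValueError("unsupported value syntax: %r" % raw)


def parse_reg(text):
    """Parse a .reg script into {key path: {value name: (type, value)}}."""
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    if header not in HEADERS:                       # e.g. "REGEDIT 4" is rejected
        raise ValueError("not a registry script header: %r" % header)
    encoding, keys, current = HEADERS[header], {}, None
    for line in _join_continuations(lines[1:]):
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            raise ValueError("value outside any key: %r" % line)
        name, _, raw = line.partition("=")
        name = "@" if name.strip() == "@" else name.strip().strip('"')
        keys[current][name] = _decode_value(raw, encoding)
    return keys


def check_svchost_services(keys):
    """Map each svchost-hosted service in the script to its -k group and the
    problems that would keep it from starting."""
    report = {}
    for path, values in keys.items():
        if not path.lower().startswith(SERVICES_ROOT.lower()):
            continue
        name = path[len(SERVICES_ROOT):]
        if "\\" in name:                            # subkey, e.g. ...\Parameters
            continue
        image = values.get("ImagePath", ("", ""))[1]
        if "svchost.exe" not in image.lower():
            continue
        problems = ["missing " + v for v in ("Type", "Start", "ErrorControl")
                    if v not in values]
        if "ServiceDll" not in keys.get(path + "\\Parameters", {}):
            problems.append("missing Parameters\\ServiceDll; svchost cannot load it")
        group = re.search(r"-k\s+(\S+)", image)
        report[name] = {"group": group.group(1) if group else None,
                        "problems": problems}
    return report


# Constructed sample in the thread's REGEDIT4/hex(2) style: BITS complete with
# its Parameters key, wuauserv defined without one.
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,73,79,73,74,65,6D,\
  33,32,5C,71,6D,67,72,2E,64,6C,6C,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,79,73,74,65,6D,\
  33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,6E,65,74,73,76,63,73,00
"Type"=dword:00000020
"Start"=dword:00000002
"""

if __name__ == "__main__":
    keys = parse_reg(SAMPLE)
    for path, values in keys.items():
        print(path)
        for name, (kind, value) in values.items():
            print("    %s (%s) = %r" % (name, kind, value))
    for svc, info in check_svchost_services(keys).items():
        print(svc, "-k", info["group"], "problems:", info["problems"] or "none")
```

Run as a script it prints the decoded keys and, for each service, its svchost group and what is missing. The group it reports (netsvcs here) must also list the service name in the REG_MULTI_SZ under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, which a script that only recreates the service key does not guarantee; check that value too when a restored service still refuses to start.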

Carpenter
Visitor

Re: CoinMiner

#11 Post by Carpenter »

Unfortunately that didn't help either. I wrote it into the registry, restarted, and the service is still not available.

Rudy
Site Admin

Re: CoinMiner

#12 Post by Rudy »

Let's try another script. Copy this into Notepad:
rem /s makes regsvr32 silent, so DLLs that do not exist on this version of Windows are skipped without a dialog
cd /d %SystemRoot%\system32
regsvr32 comcat.dll /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
regsvr32 urlmon.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
regsvr32 inetcomm.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
regsvr32 WUAPI.DLL /s
regsvr32 WUAUENG.DLL /s
regsvr32 WUAUENG1.DLL /s
regsvr32 ATL.DLL /s
regsvr32 WUCLTUI.DLL /s
regsvr32 WUPS.DLL /s
regsvr32 WUPS2.DLL /s
regsvr32 WUWEB.DLL /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll /s
mstinit.exe /setup
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
exit
and save it to the desktop as IEreg.bat. Double-click it to run it.

Carpenter
Visitor

Re: CoinMiner

#13 Post by Carpenter »

That didn't help either. I don't know whether it helps to mention that this is Windows 7 64-bit.

Rudy
Site Admin

Re: CoinMiner

#14 Post by Rudy »

Carpenter wrote: That didn't help either. I don't know whether it helps to mention that this is Windows 7 64-bit.
It might. Have a look here: http://support.microsoft.com/kb/971058/ ... selfAlways . It is a fix straight from MS.

Carpenter
Visitor

Re: CoinMiner

#15 Post by Carpenter »

That didn't help either. Thank you very much for your efforts. Reinstalling W7 is out of the question for lack of time, so I'll live without working system updates.
