MDM.exe neni vo system32

Zpráva

GAMELASTER · #1 Příspěvek od **GAMELASTER** » 09 úno 2012 16:27

Ahojte, mam taky problem, mam Win 7 64bit Ultimate a zapina sa mi nejaky mdm.exe pri spusteny pc.... je skryty a je v C:\windows... Pocul som ze je to virus.... Staci, ze som to vymazal???? Alebo ako mam stim pokracovat?
V Autoruns som ho nasiel v Everything a ma tento nazov: Microsoft Firevall Engine. Ano Firevall. Hned to my bolo cudne, tak som ho nasiel a zmazal. Dakujem vopred..

#2 Příspěvek od **Rudy** » 09 úno 2012 18:10

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

GAMELASTER · #3 Příspěvek od **GAMELASTER** » 09 úno 2012 20:04

ComboFix 12-02-09.04 - Gamelaster . 02. 2012 19:32:57.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1789.879 [GMT 1:00]
Running from: c:\users\Gamelaster\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Your Product\lua5.1.dll
c:\users\GAMELA~1\AppData\Local\Temp\TeamViewer\Version7\tv_x64.dll
c:\users\Gamelaster\AppData\Local\Temp\TeamViewer\Version7\tv_x64.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 18:52 . 2012-02-09 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 12:54 . 2012-02-09 12:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67D8C685-8C60-4278-9A21-A3103FF00C89}\offreg.dll
2012-02-08 18:53 . 2012-02-09 18:50 -------- d-----w- c:\program files (x86)\Your Product
2012-02-08 15:29 . 2012-02-08 15:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-07 14:44 . 2012-02-07 14:44 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\TortoiseSVN
2012-02-07 13:06 . 2012-02-09 12:51 -------- d-----w- c:\users\Gamelaster\AppData\Local\TSVNCache
2012-02-07 13:06 . 2012-02-07 13:06 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Subversion
2012-02-06 18:54 . 2012-02-06 18:54 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-02-06 18:54 . 2012-02-06 18:54 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-02-04 16:37 . 2012-02-04 16:41 -------- d-----w- c:\users\Gamelaster\debilina
2012-02-02 16:40 . 2012-02-02 16:40 -------- d-----w- c:\program files (x86)\Common Files\Thraex Software
2012-02-01 16:56 . 2012-02-01 16:56 -------- d-----w- c:\program files (x86)\QipGuard
2012-02-01 16:56 . 2012-02-01 16:56 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\QipGuard
2012-02-01 16:56 . 2012-01-12 11:35 142288 ----a-w- c:\users\Gamelaster\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2012-02-01 16:55 . 2012-02-01 16:56 -------- d-----w- c:\program files (x86)\QIP 2012
2012-02-01 16:46 . 2012-02-06 16:02 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\QIP
2012-01-31 05:43 . 2012-01-31 05:43 -------- d-----w- C:\vcs5BGEffects
2012-01-31 05:40 . 2012-01-31 05:54 -------- d-----w- c:\program files (x86)\AV Vcs 6.0 DIAMOND
2012-01-29 18:52 . 2012-02-05 14:32 -------- d-----w- c:\program files (x86)\MTA San Andreas 1.3
2012-01-28 11:18 . 2012-01-28 11:18 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Screaming Bee
2012-01-28 11:15 . 2012-01-28 11:15 -------- d-----w- c:\program files (x86)\Screaming Bee
2012-01-27 16:10 . 2012-01-27 16:10 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\HideIPPrivacy
2012-01-27 16:10 . 2012-01-27 16:10 -------- d-----w- c:\programdata\HideIPPrivacy
2012-01-24 18:43 . 2012-01-24 18:43 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\SmartHideIP
2012-01-24 18:43 . 2012-01-24 18:43 -------- d-----w- c:\programdata\SmartHideIP
2012-01-24 14:07 . 2012-01-24 14:08 -------- d-----w- C:\Python27
2012-01-18 20:13 . 2012-01-18 20:13 -------- d-----w- c:\programdata\Blumentals
2012-01-18 20:12 . 2012-01-18 20:12 -------- d-----w- c:\program files (x86)\Rapid PHP 2011
2012-01-18 20:12 . 2012-01-18 20:12 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Blumentals
2012-01-15 18:34 . 2012-01-15 18:34 -------- d-----w- c:\program files\7-Zip
2012-01-13 21:17 . 2012-01-13 21:18 -------- d-----w- c:\users\Gamelaster\AppData\Local\Facebook
2012-01-13 15:56 . 2012-01-13 15:58 -------- d-----w- c:\program files\trend micro
2012-01-13 15:56 . 2012-01-13 15:58 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 13:28 . 2011-10-28 20:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 19:36 . 2011-10-30 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-07 16:04 . 2012-01-07 15:13 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-14 18:32 . 2011-11-14 18:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2003-03-21 12:45 . 2011-12-20 16:42 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-10-28 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2011-12-23 997888]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Facebook Update"="c:\users\Gamelaster\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-13 137536]
"QIP Internet Guardian"="c:\users\Gamelaster\AppData\Roaming\QipGuard\QipGuard.exe" [2012-01-12 191440]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2012-01-12 7320528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-01-12 191440]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000Core.job
- c:\users\Gamelaster\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 21:17]
.
2012-02-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000UA.job
- c:\users\Gamelaster\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 21:17]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000Core.job
- c:\users\Gamelaster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 08:23]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000UA.job
- c:\users\Gamelaster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 08:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Microsoft Firevall Engine - c:\windows\mdm.exe
Wow6432Node-HKLM-Run-Microsoft Firevall Engine - c:\windows\mdm.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-09 20:02:09
ComboFix-quarantined-files.txt 2012-02-09 19:02
.
Pre-Run: 8 411 553 792 bytes free
Post-Run: 8 536 887 296 bytes free
.
- - End Of File - - ECE39D2D2D533B6FE718B2489740D302

GAMELASTER · #4 Příspěvek od **GAMELASTER** » 09 úno 2012 20:31

A jeste, eset mi psal ze se neda spojit z jadrem a po restartu ted vubec ni nic nevipise. Resp. Ja GUI vobec nevidim.. Vidim iba napis eset a nic vice.. Pise problem s komunikacii s jadrem..

#5 Příspěvek od **Rudy** » 09 úno 2012 20:52

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\users\Gamelaster\AppData\Local\Facebook\Update

Collect::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

GAMELASTER · #6 Příspěvek od **GAMELASTER** » 09 úno 2012 21:25

Ok, idem to urobit. A neni to nahodou siraci sa vir? A odvtedy ako my blbne PC, tak ho mam zapnuty. SSH2 a SFTP je on. JE to linux Debian 6.0.. Aj ten teraz nejako blbne. Apache2 vobec nejde, to iste SFTP a SSH2.... A inac, je to kvoli facebooku ci co???? A este, moj web(gamelaster.eu) zobrazuje uplne cele modre... A daktore weby vobec nejdu... Nejde ostranovat daktore registre.... A eset je uplne vyradeni...

GAMELASTER · #7 Příspěvek od **GAMELASTER** » 09 úno 2012 22:07

ComboFix 12-02-09.04 - Gamelaster . 02. 2012 21:30:03.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1789.513 [GMT 1:00]
Running from: c:\users\Gamelaster\Desktop\ComboFix.exe
Command switches used :: c:\users\Gamelaster\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\QIP 2012\Core\MousePhone.dll
c:\program files (x86)\Your Product\Uninstall
c:\program files (x86)\Your Product\Uninstall\IRIMG1.JPG
c:\program files (x86)\Your Product\Uninstall\IRIMG2.JPG
c:\program files (x86)\Your Product\Uninstall\uninstall.dat
c:\program files (x86)\Your Product\Uninstall\uninstall.xml
c:\users\Gamelaster\AppData\Local\Facebook\Update
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Gamelaster\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 20:48 . 2012-02-09 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 19:28 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-09 19:28 . 2012-02-09 19:28 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-08 18:53 . 2012-02-09 20:47 -------- d-----w- c:\program files (x86)\Your Product
2012-02-08 15:29 . 2012-02-08 15:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-07 14:44 . 2012-02-07 14:44 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\TortoiseSVN
2012-02-07 13:06 . 2012-02-09 19:26 -------- d-----w- c:\users\Gamelaster\AppData\Local\TSVNCache
2012-02-07 13:06 . 2012-02-07 13:06 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Subversion
2012-02-06 18:54 . 2012-02-06 18:54 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-02-06 18:54 . 2012-02-06 18:54 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-02-04 16:37 . 2012-02-04 16:41 -------- d-----w- c:\users\Gamelaster\debilina
2012-02-02 16:40 . 2012-02-02 16:40 -------- d-----w- c:\program files (x86)\Common Files\Thraex Software
2012-02-01 16:56 . 2012-02-01 16:56 -------- d-----w- c:\program files (x86)\QipGuard
2012-02-01 16:56 . 2012-02-01 16:56 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\QipGuard
2012-02-01 16:56 . 2012-01-12 11:35 142288 ----a-w- c:\users\Gamelaster\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2012-02-01 16:55 . 2012-02-01 16:56 -------- d-----w- c:\program files (x86)\QIP 2012
2012-02-01 16:46 . 2012-02-06 16:02 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\QIP
2012-01-31 05:43 . 2012-01-31 05:43 -------- d-----w- C:\vcs5BGEffects
2012-01-31 05:40 . 2012-01-31 05:54 -------- d-----w- c:\program files (x86)\AV Vcs 6.0 DIAMOND
2012-01-29 18:52 . 2012-02-05 14:32 -------- d-----w- c:\program files (x86)\MTA San Andreas 1.3
2012-01-28 11:18 . 2012-01-28 11:18 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Screaming Bee
2012-01-28 11:15 . 2012-01-28 11:15 -------- d-----w- c:\program files (x86)\Screaming Bee
2012-01-27 16:10 . 2012-01-27 16:10 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\HideIPPrivacy
2012-01-27 16:10 . 2012-01-27 16:10 -------- d-----w- c:\programdata\HideIPPrivacy
2012-01-24 18:43 . 2012-01-24 18:43 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\SmartHideIP
2012-01-24 18:43 . 2012-01-24 18:43 -------- d-----w- c:\programdata\SmartHideIP
2012-01-24 14:07 . 2012-01-24 14:08 -------- d-----w- C:\Python27
2012-01-18 20:13 . 2012-01-18 20:13 -------- d-----w- c:\programdata\Blumentals
2012-01-18 20:12 . 2012-01-18 20:12 -------- d-----w- c:\program files (x86)\Rapid PHP 2011
2012-01-18 20:12 . 2012-01-18 20:12 -------- d-----w- c:\users\Gamelaster\AppData\Roaming\Blumentals
2012-01-15 18:34 . 2012-01-15 18:34 -------- d-----w- c:\program files\7-Zip
2012-01-13 21:17 . 2012-01-13 21:18 -------- d-----w- c:\users\Gamelaster\AppData\Local\Facebook
2012-01-13 15:56 . 2012-01-13 15:58 -------- d-----w- c:\program files\trend micro
2012-01-13 15:56 . 2012-01-13 15:58 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 13:28 . 2011-10-28 20:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 19:36 . 2011-10-30 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-07 16:04 . 2012-01-07 15:13 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-14 18:32 . 2011-11-14 18:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2003-03-21 12:45 . 2011-12-20 16:42 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-10-28 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_18.54.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-02-09 19:29 41158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-09 19:29 42694 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-02-09 19:39 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-01-28 11:16 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-10-28 19:56 . 2012-02-09 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-28 19:56 . 2012-02-09 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-28 19:56 . 2012-02-09 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-28 19:56 . 2012-02-09 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-03 06:30 . 2012-02-09 20:49 12967 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-11-03 06:30 . 2012-02-09 06:20 12967 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-10-28 19:36 . 2012-02-09 19:29 8962 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2901543845-1208738069-1701217237-1000_UserData.bin
- 2011-10-28 19:36 . 2012-02-09 12:53 8962 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2901543845-1208738069-1701217237-1000_UserData.bin
+ 2012-02-09 20:50 . 2012-02-09 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-09 12:51 . 2012-02-09 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-09 20:50 . 2012-02-09 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-09 12:51 . 2012-02-09 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2012-01-28 11:16 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-09 19:39 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-28 11:16 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-02-09 19:39 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-02-09 06:20 398508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-09 20:49 398508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-10 21:10 . 2012-02-09 20:49 1061400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-10 21:10 . 2012-02-09 06:20 1061400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-09 19:26 . 2012-02-09 19:26 3849216 c:\windows\Installer\2126a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2011-12-23 997888]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"QIP Internet Guardian"="c:\users\Gamelaster\AppData\Roaming\QipGuard\QipGuard.exe" [2012-01-12 191440]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2012-01-12 7320528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2012-01-12 191440]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000Core.job
- c:\users\Gamelaster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 08:23]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901543845-1208738069-1701217237-1000UA.job
- c:\users\Gamelaster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 08:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-02-09 22:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 21:00
ComboFix2.txt 2012-02-09 19:02
.
Pre-Run: 8 669 442 048 bytes free
Post-Run: 9 089 085 440 bytes free
.
- - End Of File - - 41168DF5CFE2B4F875BEFCF86BC4B2B8
Upload was successful

Ok, takze problem vobec neprestava. ESET stale nejde, dal som ho odinstalovat no cudom tam je. A stale to nejde... Moj web je cely modry a u chrome mi neukazuje znak + na pridanie tabulky.....

#8 Příspěvek od **Rudy** » 09 úno 2012 22:15

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

GAMELASTER · #9 Příspěvek od **GAMELASTER** » 09 úno 2012 22:19

Wufff, kolko to asi dela? tam bolo napsane 23 hodin, to hadam ne.. Ci?? Jinak, zitra dodam ten log, ted uz ne..

#10 Příspěvek od **Rudy** » 09 úno 2012 22:30

To závisí na velikosti disku a rychlosti systému. V každém případě to nechte běžet přes noc.

GAMELASTER · #11 Příspěvek od **GAMELASTER** » 11 úno 2012 14:45

Status: Detected (events: 9)
11. 2. 2012 8:33:50 Detected Trojan program Trojan.Win32.Agent2.dbxq C:\Documents and Settings\Gamelaster\Desktop\Marek\Zabavky\SA-MP\fighter_fx72_by_virus.rar//Fighter_FX72_by_ViRuS/FighterFX.exe High
11. 2. 2012 8:52:03 Detected malware HackTool.MSIL.Loic.av C:\Documents and Settings\Gamelaster\Downloads\DDoS.rar//DDoS/Loic/debug/LOIC.exe Medium
11. 2. 2012 8:52:04 Detected malware Flooder.MSIL.Agent.e C:\Documents and Settings\Gamelaster\Downloads\DDoS.rar//DDoS/Loic/LOIC.exe Medium
11. 2. 2012 12:33:45 Detected malware HackTool.MSIL.Loic.av C:\Users\Gamelaster\Downloads\DDoS.rar//DDoS/Loic/debug/LOIC.exe Medium
11. 2. 2012 12:33:47 Detected malware Flooder.MSIL.Agent.e C:\Users\Gamelaster\Downloads\DDoS.rar//DDoS/Loic/LOIC.exe Medium
11. 2. 2012 14:27:04 Detected Trojan program Trojan.Win32.Agent2.dbxq C:\zaloha\Gamelaster\Desktop\Marek\Zabavky\SA-MP\fighter_fx72_by_virus.rar//Fighter_FX72_by_ViRuS/FighterFX.exe High
11. 2. 2012 14:34:37 Detected Trojan program Trojan.Win32.Genome.njkq C:\zaloha\Gamelaster\Desktop\Marek\Zabavky\SA-MP\w4rhookv7_by_virus.rar//w4rhookv7_by_ViRuS/w4r hook v7.dll High
11. 2. 2012 14:34:38 Detected Trojan program Trojan.Win32.Agent2.dbxq C:\zaloha\Gamelaster\Desktop\Marek\Zabavky\SA-MP\w4rhookv7_by_virus.rar//w4rhookv7_by_ViRuS/w4r hook v7.exe High
11. 2. 2012 14:39:02 Detected Trojan program Trojan.Win32.Agent2.dbxq D:\CS\cdhack4.33.4b\cdhack.exe High
Status: Absent (events: 2)
11. 2. 2012 10:36:38 Not found Trojan program Trojan.Win32.Genome.njkq C:\Documents and Settings\Gamelaster\Desktop\Marek\Zabavky\SA-MP\w4rhookv7_by_virus.rar//w4rhookv7_by_ViRuS/w4r hook v7.dll High
11. 2. 2012 10:36:38 Not found Trojan program Trojan.Win32.Agent2.dbxq C:\Documents and Settings\Gamelaster\Desktop\Marek\Zabavky\SA-MP\w4rhookv7_by_virus.rar//w4rhookv7_by_ViRuS/w4r hook v7.exe High
Status: Deleted (events: 6)
11. 2. 2012 8:54:01 Deleted Trojan program Trojan.Win32.Buzus.kxjj C:\Documents and Settings\Gamelaster\Downloads\Facebook.com-IMG432879 (1).exe High
11. 2. 2012 8:54:02 Deleted Trojan program Trojan.Win32.Buzus.kxjj C:\Documents and Settings\Gamelaster\Downloads\Facebook.com-IMG432879.exe High
11. 2. 2012 9:03:02 Deleted Trojan program Trojan-Downloader.Win32.Banload.bmei C:\Documents and Settings\Gamelaster\Downloads\PacSteamT-09-11-2011.exe High
11. 2. 2012 9:03:02 Deleted Trojan program Trojan-Downloader.Win32.Banload.bmei C:\Documents and Settings\Gamelaster\Downloads\PacSteamT-09-11-2011.exe//ForumINFO\PacForum.exe High
11. 2. 2012 10:34:56 Deleted malware HackTool.MSIL.Loic.av C:\Documents and Settings\Gamelaster\Downloads\DDoS\DDoS\Loic\debug\LOIC.exe Medium
11. 2. 2012 10:34:59 Deleted malware Flooder.MSIL.Agent.e C:\Documents and Settings\Gamelaster\Downloads\DDoS\DDoS\Loic\LOIC.exe Medium

Ehm, PacSteam: Je to vir ale ten to udelat nemohl, uz ho pouzivam dlouho. To iste LOIC, HOIC, CDhack a Fighter X.. Takze zostava ten FaceBook...

//EDIT: Kdyz mi zacalo scanovat D: tak sem to vypl, na D: virus 100% neni...

GAMELASTER · #12 Příspěvek od **GAMELASTER** » 11 úno 2012 18:09

jinak, ESET stale nejede a chrome blbne..

#13 Příspěvek od **Rudy** » 11 úno 2012 18:59

Zkuste obě aplikace reinstalovat.

GAMELASTER · #14 Příspěvek od **GAMELASTER** » 11 úno 2012 19:20

ESET nejede odinstalovat a jdu skusit Chrome...

#15 Příspěvek od **Rudy** » 11 úno 2012 19:28

Na odinstalaci Esetu použijte utilitu: http://www.enterpolicka.cz/28-hloubkova ... duktu-eset .

VIRY.CZ

MDM.exe neni vo system32

MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32

Re: MDM.exe neni vo system32