Babylon

[Kosticka26]

Prosím Vás ještě o radu ... SEARCH.BABYLON té potvory se nemohu zbavit Zkoušel jsem odinstalovat, pak i přes killbox, ale nic. Přitom používám jako prohlížeč Chrome... v doplňcích to viditelné není - tudíž to nejde ani vyhledat.

Budu rád za jakoukoliv pomoc.

[Rudy]

Dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

[Kosticka26]

Logfile of random's system information tool 1.09 (written by random/random)
Run by 1 at 2012-08-08 22:09:02
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 10 GB (21%) free of 50 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:09:05, on 8.8.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\1\Desktop\RSIT.exe
C:\Program Files\trend micro\1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: SlimStar 250.lnk = C:\Program Files\SlimStar 250\MagicKey.exe
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout s FlashGetem - D:\Program Files\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - D:\Program Files\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\MP3 Skype Recorder\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

--
End of file - 6081 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-07-06 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-07-06 59144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-13 6711840]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2012-07-18 348664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SlimStar 250.lnk - C:\Program Files\SlimStar 250\MagicKey.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.IV41"=IR41_32.AX
"VIDC.FMVC"=fmcodec.dll
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-08 22:03:18 ----D---- C:\rsit
2012-08-08 21:18:01 ----D---- C:\!KillBox
2012-08-08 10:55:26 ----D---- C:\Users\1\AppData\Roaming\Avira
2012-08-08 10:49:31 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2012-08-08 10:49:28 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-08-08 10:49:28 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-08-08 10:49:28 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-08-08 10:48:43 ----D---- C:\ProgramData\Avira
2012-08-08 09:24:58 ----D---- C:\Program Files\trend micro
2012-08-07 21:28:24 ----D---- C:\Program Files\Enigma Software Group
2012-08-07 21:27:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-08-07 18:28:37 ----A---- C:\user.js
2012-08-02 09:43:08 ----D---- C:\Users\1\AppData\Roaming\daypo
2012-07-15 10:23:39 ----RHD---- C:\Users\1\AppData\Roaming\SecuROM
2012-07-14 16:03:30 ----A---- C:\Windows\system32\win32k.sys
2012-07-14 16:00:06 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-14 16:00:06 ----A---- C:\Windows\system32\iertutil.dll
2012-07-14 16:00:05 ----A---- C:\Windows\system32\wininet.dll
2012-07-14 16:00:05 ----A---- C:\Windows\system32\url.dll
2012-07-14 16:00:05 ----A---- C:\Windows\system32\jscript9.dll
2012-07-14 16:00:05 ----A---- C:\Windows\system32\jscript.dll
2012-07-14 16:00:05 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-14 16:00:05 ----A---- C:\Windows\system32\ieui.dll
2012-07-14 16:00:04 ----A---- C:\Windows\system32\urlmon.dll
2012-07-14 16:00:04 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-14 16:00:03 ----A---- C:\Windows\system32\mshtml.dll
2012-07-14 16:00:02 ----A---- C:\Windows\system32\ieframe.dll
2012-07-14 13:54:17 ----A---- C:\Windows\system32\shell32.dll
2012-07-14 13:54:14 ----A---- C:\Windows\system32\msxml6.dll
2012-07-14 13:54:14 ----A---- C:\Windows\system32\msxml3.dll
2012-07-14 13:54:13 ----A---- C:\Windows\system32\schannel.dll
2012-07-14 13:54:13 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-14 13:54:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys

======List of files/folders modified in the last 1 month======

2012-08-08 22:03:22 ----D---- C:\Windows\Temp
2012-08-08 21:44:28 ----D---- C:\Windows\System32
2012-08-08 21:44:28 ----D---- C:\Windows\inf
2012-08-08 21:44:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-08 21:22:10 ----RD---- C:\Program Files
2012-08-08 20:56:10 ----D---- C:\Users\1\AppData\Roaming\Media Player Classic
2012-08-08 20:56:10 ----D---- C:\Users\1\AppData\Roaming\AIMP3
2012-08-08 20:52:55 ----D---- C:\Windows\Prefetch
2012-08-08 20:52:53 ----D---- C:\Windows
2012-08-08 14:33:28 ----HD---- C:\ProgramData
2012-08-08 14:33:28 ----D---- C:\Windows\Tasks
2012-08-08 14:32:04 ----D---- C:\Windows\system32\drivers\etc
2012-08-08 14:32:01 ----SHD---- C:\System Volume Information
2012-08-08 14:02:00 ----SHD---- C:\Windows\Installer
2012-08-08 13:59:31 ----D---- C:\Windows\system32\catroot2
2012-08-08 10:49:57 ----D---- C:\Windows\system32\catroot
2012-08-08 10:49:31 ----D---- C:\Windows\system32\drivers
2012-08-08 10:47:03 ----SHD---- C:\Config.Msi
2012-08-08 09:13:48 ----D---- C:\ProgramData\MFAData
2012-08-08 09:12:24 ----AD---- C:\ProgramData\TEMP
2012-08-08 09:11:44 ----D---- C:\Program Files\Common Files
2012-08-08 09:11:36 ----D---- C:\Program Files\Windows Sidebar
2012-08-07 21:28:32 ----D---- C:\Windows\system32\Tasks
2012-08-07 21:23:35 ----D---- C:\Users\1\AppData\Roaming\Skype
2012-08-07 20:40:37 ----D---- C:\Users\1\AppData\Roaming\vlc
2012-08-07 10:44:30 ----D---- C:\Users\1\AppData\Roaming\Dropbox
2012-08-04 01:22:59 ----D---- C:\Users\1\AppData\Roaming\uTorrent
2012-08-04 00:44:26 ----D---- C:\Windows\Logs
2012-08-04 00:44:18 ----D---- C:\Windows\Debug
2012-08-04 00:27:58 ----D---- C:\Users\1\AppData\Roaming\Opera
2012-08-03 14:13:51 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-02 11:07:53 ----SD---- C:\ProgramData\Microsoft
2012-07-21 16:47:26 ----D---- C:\ProgramData\Skype
2012-07-20 12:27:56 ----D---- C:\Program Files\DsNET Corp
2012-07-15 10:21:40 ----A---- C:\Windows\system32\CmdLineExt.dll
2012-07-15 10:18:54 ----D---- C:\Windows\winsxs
2012-07-15 10:18:10 ----RSD---- C:\Windows\assembly
2012-07-15 09:57:18 ----HD---- C:\Program Files\InstallShield Installation Information
2012-07-15 09:00:32 ----D---- C:\Windows\system32\migration
2012-07-15 09:00:30 ----D---- C:\Program Files\Internet Explorer
2012-07-14 16:03:24 ----D---- C:\ProgramData\Microsoft Help
2012-07-14 16:03:01 ----A---- C:\Windows\win.ini
2012-07-14 16:00:38 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-19 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-07-18 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-07-18 36000]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-07-18 83392]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-13 2304928]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-12-10 135680]
R3 UsbFltr;WayTech USB Filter Driver; C:\Windows\System32\Drivers\UsbFltr.sys [2006-04-21 8429]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 a2n12dqm;a2n12dqm; C:\Windows\system32\drivers\a2n12dqm.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-12-19 16608]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-05-18 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-05-18 25512]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\KBFILTER.SYS [2006-04-21 12963]
S3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-03-26 32768]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2012-08-05 140224]
R2 AntiVirService;Avira Realtime Protection; D:\Avira\AntiVir Desktop\avguard.exe [2012-07-18 110032]
R2 AntiVirSchedulerService;Avira Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-24 66872]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[Rudy]

Tady není vidět. Ještě poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Kosticka26]

ComboFix 12-08-08.03 - 1 09.08.2012 8:49.1.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3070.1844 [GMT 2:00]
Spuštěný z: c:\users\1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1\AppData\Local\assembly\tmp
c:\users\Public\sdelevURL.tmp
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-08 20:03 . 2012-08-08 20:03 -------- d-----w- C:\rsit
2012-08-08 19:18 . 2012-08-08 19:26 -------- d-----w- C:\!KillBox
2012-08-08 08:55 . 2012-08-08 08:55 -------- d-----w- c:\users\1\AppData\Roaming\Avira
2012-08-08 08:49 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-08 08:49 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-08 08:49 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-08 08:48 . 2012-08-08 08:48 -------- d-----w- c:\programdata\Avira
2012-08-08 07:24 . 2012-08-08 20:09 -------- d-----w- c:\program files\trend micro
2012-08-08 07:21 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15742C7-7790-48FC-A8BF-319605E09B36}\mpengine.dll
2012-08-07 19:28 . 2012-08-07 19:28 -------- d-----w- c:\program files\Enigma Software Group
2012-08-07 19:27 . 2012-08-07 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-07 16:28 . 2012-08-07 16:28 304 ----a-w- C:\user.js
2012-08-02 07:43 . 2012-08-02 07:43 -------- d-----w- c:\users\1\AppData\Roaming\daypo
2012-07-15 08:23 . 2012-07-15 08:23 -------- d--h--r- c:\users\1\AppData\Roaming\SecuROM
2012-07-15 08:22 . 2012-07-15 09:09 -------- d-----w- c:\users\1\AppData\Local\Rockstar Games
2012-07-14 14:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 11:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-14 11:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-14 11:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 11:54 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 11:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-14 11:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 12:13 . 2012-05-07 12:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 12:13 . 2011-05-23 06:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 08:21 . 2012-02-16 21:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-06 16:34 . 2012-07-06 16:34 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 16:34 . 2010-05-10 06:39 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-02 22:19 . 2012-06-21 06:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 06:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-14 11:54 278528 ----a-w- c:\windows\system32\schannel.dll
2012-05-31 10:25 . 2009-10-03 07:04 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SlimStar 250.lnk - c:\program files\SlimStar 250\MagicKey.exe [2010-2-13 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: &Download All by FlashGet - d:\program files\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\program files\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - d:\program files\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - d:\program files\FlashGet universal\ComDlls\Bhoall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Save YouTube Video as MP3
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-BsScanner
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-GamePlayLabs Plugin - c:\users\1\AppData\Local\GamePlayLabs Plugin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 08:55
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{25515A79-C1C7-4B97-97F8-31A711694487}"=hex:51,66,7a,6c,4c,1d,38,12,17,59,42,
21,f5,8f,f9,0e,e8,ee,72,e7,14,37,00,93
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}"=hex:51,66,7a,6c,4c,1d,38,12,77,c9,b4,
22,6a,33,73,04,cd,cc,b2,f0,37,12,fb,e8
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,28,0e,91,3c,26,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,18,d1,cf,d9,ea,c5,4c,9b,4d,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,18,d1,cf,d9,ea,c5,4c,9b,4d,4e,\
.
[HKEY_USERS\S-1-5-21-2462328225-3109948575-47500355-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A8D0E82-5F27-23FE-1BEF-F1B91A2F27CE}*]
"namecdealdeahppekfcleghhkleo"=hex:69,61,6b,63,64,65,67,62,6e,6f,68,67,67,61,
6c,70,6c,64,00,00
"oaoepbpkjhdglonmccgnceogkbidlb"=hex:69,61,6b,63,64,65,67,62,6e,6f,68,67,67,61,
6c,70,6c,64,00,00
.
[HKEY_USERS\S-1-5-21-2462328225-3109948575-47500355-1000\Software\SecuROM\License information*]
"datasecu"=hex:90,1e,a6,0a,68,b8,28,76,16,35,08,9e,b8,e4,9b,bc,68,b7,a0,b9,8b,
2e,e3,26,bb,e1,70,b3,7e,82,58,a3,d6,6e,ab,d5,75,c7,71,68,02,41,b6,1e,d5,8d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Celkový čas: 2012-08-09 08:56:29
ComboFix-quarantined-files.txt 2012-08-09 06:56
.
Před spuštěním: Volných bajtů: 10 321 391 616
Po spuštění: Volných bajtů: 10 305 372 160
.
- - End Of File - - 3DF445633281F25EE832AA9E9905A712

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Regnull::
[HKEY_USERS\S-1-5-21-2462328225-3109948575-47500355-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A8D0E82-5F27-23FE-1BEF-F1B91A2F27CE}*]
[HKEY_USERS\S-1-5-21-2462328225-3109948575-47500355-1000\Software\SecuROM\License information*]

Reboot::

Uložte na plochu jako CFScript-txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Kosticka26]

Provedeno ... pro jistotu výpis logu z COMBO fix:

========

ComboFix 12-08-08.03 - 1 09.08.2012 19:18:11.2.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3070.2086 [GMT 2:00]
Spuštěný z: c:\users\1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\1\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:23 . 2012-08-09 17:25 -------- d-----w- c:\users\1\AppData\Local\temp
2012-08-09 17:23 . 2012-08-09 17:23 -------- d-----w- c:\users\postgre\AppData\Local\temp
2012-08-08 20:03 . 2012-08-08 20:03 -------- d-----w- C:\rsit
2012-08-08 19:18 . 2012-08-08 19:26 -------- d-----w- C:\!KillBox
2012-08-08 08:55 . 2012-08-08 08:55 -------- d-----w- c:\users\1\AppData\Roaming\Avira
2012-08-08 08:49 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-08 08:49 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-08 08:49 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-08 08:48 . 2012-08-08 08:48 -------- d-----w- c:\programdata\Avira
2012-08-08 07:24 . 2012-08-08 20:09 -------- d-----w- c:\program files\trend micro
2012-08-08 07:21 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15742C7-7790-48FC-A8BF-319605E09B36}\mpengine.dll
2012-08-07 19:28 . 2012-08-07 19:28 -------- d-----w- c:\program files\Enigma Software Group
2012-08-07 19:27 . 2012-08-07 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-07 16:28 . 2012-08-07 16:28 304 ----a-w- C:\user.js
2012-08-02 07:43 . 2012-08-02 07:43 -------- d-----w- c:\users\1\AppData\Roaming\daypo
2012-07-15 08:23 . 2012-07-15 08:23 -------- d--h--r- c:\users\1\AppData\Roaming\SecuROM
2012-07-15 08:22 . 2012-07-15 09:09 -------- d-----w- c:\users\1\AppData\Local\Rockstar Games
2012-07-14 14:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 11:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-14 11:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-14 11:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 11:54 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 11:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-14 11:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 12:13 . 2012-05-07 12:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 12:13 . 2011-05-23 06:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 08:21 . 2012-02-16 21:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-06 16:34 . 2012-07-06 16:34 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 16:34 . 2010-05-10 06:39 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-02 22:19 . 2012-06-21 06:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:29 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 06:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-14 11:54 278528 ----a-w- c:\windows\system32\schannel.dll
2012-05-31 10:25 . 2009-10-03 07:04 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SlimStar 250.lnk - c:\program files\SlimStar 250\MagicKey.exe [2010-2-13 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: &Download All by FlashGet - d:\program files\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\program files\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - d:\program files\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - d:\program files\FlashGet universal\ComDlls\Bhoall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Save YouTube Video as MP3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 19:26
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2772)
c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
d:\avira\AntiVir Desktop\sched.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
d:\avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-08-09 19:29:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-09 17:29
ComboFix2.txt 2012-08-09 06:56
.
Před spuštěním: Volných bajtů: 12 352 380 928
Po spuštění: Volných bajtů: 12 310 458 368
.
- - End Of File - - 1E46F0A10AA712A75F01E47BF87050FC

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[Kosticka26]

Když jsem zkoušel otevřít prohlížeč, tak mrcha tam byl. Po ručním restartu již vypadá, že není. Kdyby něco, napíšu. Moc děkuji.- Vy jste počítačoví bohové )

[Rudy]

Kolidně napište, kdyby byl problém. Nemáte zač!

[Kosticka26]

Dnes po několikerém zapnutí webu se mi opět objevil BABYLON (( Takže tam pořád je ...

Neskutečná havěť

[Kosticka26]

Málem jsem zapomněl na print-screen co se mi objevilo už včera (po první instalaci Aviry) a projetí antivirem:

virus_.png (16.02 KiB) Zobrazeno 1086 x

[Rudy]

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[Kosticka26]

Hotovo, ale nic to nenašlo a tím ani není k dispozici log

[Rudy]

Zkuste smazat cache prohlížeče.