
Skype virus - worm


Re: Skype virus - worm

#16 Post by Rudy »

If you give the full path to the file, I'll try to take it out.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.


Re: Skype virus - worm

#17 Post by adko222 »

C:/windows/System32/drivers/ad76d9bc7d7adbf.sys, that is the location where it reports the trojan is.


Re: Skype virus - worm

#18 Post by adko222 »

Hello, I did a system restore in Windows Repair, from 15.10.2012 (a later one would not work),
and now ESET has all its protections enabled. Only I can't download the AVP tool; actually it doesn't even load the Kaspersky page in any browser, and ESET's home page doesn't work either...
Is there a virus that blocks the pages of antivirus programs?


Re: Skype virus - worm

#19 Post by Rudy »

Open Notepad and copy the following into it:
KillAll::

Collect:
C:/windows/System32/drivers/ad76d9bc7d7adbf.sys

Driver:
ad76d9bc7d7adbf

Reboot::
and run ComboFix with it again.

Re: Skype virus - worm

#20 Post by adko222 »

Log posted, thank you, now ESET, Kaspersky... load for me too.


ComboFix 12-10-04.02 - Administrator . 10. 2012 10:39:25.2.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2512 [GMT 1:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\15B9.exe
c:\users\Administrator\AppData\Roaming\1FAE.exe
c:\users\Administrator\AppData\Roaming\236C.exe
c:\users\Administrator\AppData\Roaming\24EE.exe
c:\users\Administrator\AppData\Roaming\2B23.exe
c:\users\Administrator\AppData\Roaming\3A1E.exe
c:\users\Administrator\AppData\Roaming\5058.exe
c:\users\Administrator\AppData\Roaming\56B2.exe
c:\users\Administrator\AppData\Roaming\7A19.exe
c:\users\Administrator\AppData\Roaming\A325.exe
c:\users\Administrator\AppData\Roaming\A94C.exe
c:\users\Administrator\AppData\Roaming\A9CB.exe
c:\users\Administrator\AppData\Roaming\B0E4.exe
c:\users\Administrator\AppData\Roaming\B86F.exe
c:\users\Administrator\AppData\Roaming\BB93.exe
c:\users\Administrator\AppData\Roaming\DDEC.exe
c:\users\Administrator\AppData\Roaming\E2E8.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 09:45 . 2012-10-28 09:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-28 09:45 . 2012-10-28 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 09:33 . 2012-10-28 09:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\offreg.dll
2012-10-26 14:14 . 2012-10-26 14:14 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-19 13:38 . 2012-10-27 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\.techniclauncher
2012-10-17 14:15 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\.borland
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Borland
2012-10-17 14:11 . 2012-10-27 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2012-10-17 14:02 . 2012-10-27 21:39 -------- d-----w- c:\program files\Skype
2012-10-10 17:48 . 2012-10-10 17:48 1241088 ----a-w- c:\users\Administrator\AppData\Roaming\Efgegi.exe
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-06 18:26 . 2012-10-28 09:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 13:32 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-15 13:32 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-15 13:32 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-15 13:32 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-27 14:47 . 2012-09-27 14:38 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 80.87.208.29 80.87.208.166
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efgegi"="c:\\Users\\Administrator\\AppData\\Roaming\\Efgegi.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\SecuROM\License information*]
"datasecu"=hex:62,ad,d7,c1,22,56,c0,e4,7e,00,43,68,d6,ef,38,ea,58,45,f4,4a,b3,
be,07,8f,05,b3,c6,86,f6,be,72,be,83,f5,1b,91,74,c6,8f,30,e8,bb,d9,6a,e6,85,\
"rkeysecu"=hex:37,56,83,d6,ff,0d,77,ec,21,b3,9b,7d,bb,45,09,08
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2732)
c:\program files\Microangelo On Display\MODIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-28 10:49:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 09:49
ComboFix2.txt 2012-10-19 18:29
ComboFix3.txt 2012-10-16 16:23
ComboFix4.txt 2012-10-15 17:03
ComboFix5.txt 2012-10-28 09:37
.
Pre-Run: 31 808 602 112 bytes free
Post-Run: 31 737 991 168 bytes free
.
- - End Of File - - 6BBA339097BDCF3DA059CD0C3D47B280

adko222
Visitor
Posts: 14
Registered: 14 Oct 2012 09:54

Re: Skype virus - worm

#21 Post by adko222 »

Well, the worm is still there :(

Rudy
Site Admin
Posts: 119520
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Skype virus - worm

#22 Post by Rudy »

1. Run CF once more with this script:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job

Firefox::
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=

RegLock::
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\SecuROM\License information*]

Reboot::
2. Is the file you mentioned above still there?

adko222
Visitor
Posts: 14
Registered: 14 Oct 2012 09:54

Re: Skype virus - worm

#23 Post by adko222 »

Log posted. The worm I wrote about was still there, but now it isn't showing itself; if it shows up again, I'll say so.

ComboFix 12-10-04.02 - Administrator . 10. 2012 12:55:09.3.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2434 [GMT 1:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 12:08 . 2012-10-28 12:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-28 12:08 . 2012-10-28 12:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-28 12:08 . 2012-10-28 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 09:33 . 2012-10-28 09:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\offreg.dll
2012-10-26 14:14 . 2012-10-26 14:14 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-19 13:38 . 2012-10-27 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\.techniclauncher
2012-10-17 14:15 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\.borland
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Borland
2012-10-17 14:11 . 2012-10-27 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2012-10-17 14:02 . 2012-10-27 21:39 -------- d-----w- c:\program files\Skype
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 11:11 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-28 11:11 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-28 11:11 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-28 11:10 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-27 14:47 . 2012-09-27 14:38 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 80.87.208.29 80.87.208.166
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Efgegi - c:\users\Administrator\AppData\Roaming\Efgegi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-28 13:12:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 12:12
ComboFix2.txt 2012-10-28 09:49
ComboFix3.txt 2012-10-19 18:29
ComboFix4.txt 2012-10-16 16:23
ComboFix5.txt 2012-10-28 11:54
.
Pre-Run: 31 540 813 824 bytes free
Post-Run: 31 246 929 920 bytes free
.
- - End Of File - - C39C67ACCCD7914AFC9AC92FB7FC41EE
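As an added example that is not part of this thread or of ComboFix, here is a Python triage helper for logs in the format posted above: it splits the log at its banner lines, collects autoruns from the "Reg Loading Points" and "ORPHANS REMOVED" sections, lists locked keys with an @Denied ACL entry, and flags autoruns launched from user-writable paths, which is where the removed Efgegi.exe orphan lived. The banner handling and the user-writable path patterns are assumptions about the format as it appears in these logs, and the sample log is constructed from lines of the post.

```python
# Added example, not code from this thread or from ComboFix: a triage helper
# for ComboFix logs in the format pasted above. It splits the log at its banner
# lines, collects autoruns from "Reg Loading Points" and "ORPHANS REMOVED",
# lists locked keys carrying an @Denied ACL entry, and flags autoruns that
# launch from user-writable paths, where the Efgegi.exe orphan above lived.
import re
from typing import Dict, List, NamedTuple, Optional

BANNER_CHARS = "()- *"  # characters ComboFix uses to frame a section title
# "Name"="path" [YYYY-MM-DD size], one line per value under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[\d{4}-\d{2}-\d{2}\s+\d+\]$')
# HK??-Run-Name - path, as listed for removed orphans
ORPHAN_RE = re.compile(r"^HK\w+-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
# Locations a standard user can write to; autoruns here deserve a closer look
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\programdata\\|\\temp\\", re.I)


class Autorun(NamedTuple):
    source: str  # registry key the value came from, or "ORPHAN"
    name: str
    path: str


def banner_name(line: str) -> Optional[str]:
    """Return the section title if the line is a ComboFix banner, else None."""
    core = line.strip(BANNER_CHARS)
    lead = len(line) - len(line.lstrip(BANNER_CHARS))
    trail = len(line) - len(line.rstrip(BANNER_CHARS))
    if lead >= 3 and trail >= 3 and any(c.isalpha() for c in core):
        return core
    return None


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the banner preceding them ('' = header)."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads its output with "." lines
            continue
        title = banner_name(line)
        if title is not None:
            current = title
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def autoruns(log: str) -> List[Autorun]:
    """Run-key values from 'Reg Loading Points' plus removed HK*-Run orphans."""
    sections = split_sections(log)
    found: List[Autorun] = []
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the following values belong to
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith("\\run"):
            found.append(Autorun(key, m.group("name"), m.group("path")))
    for line in sections.get("ORPHANS REMOVED", []):
        m = ORPHAN_RE.match(line)
        if m:
            found.append(Autorun("ORPHAN", m.group("name"), m.group("path")))
    return found


def suspicious_autoruns(log: str) -> List[Autorun]:
    """Autoruns launched from user-writable paths: the usual worm foothold."""
    return [a for a in autoruns(log) if USER_WRITABLE_RE.search(a.path)]


def denied_keys(log: str) -> List[str]:
    """Keys under LOCKED REGISTRY KEYS whose ACL contains an @Denied entry."""
    keys: List[str] = []
    key = ""
    for line in split_sections(log).get("LOCKED REGISTRY KEYS", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith("@Denied") and key and key not in keys:
            keys.append(key)
    return keys


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Efgegi - c:\users\Administrator\AppData\Roaming\Efgegi.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
- - End Of File - - C39C67ACCCD7914AFC9AC92FB7FC41EE
"""
```

Running `suspicious_autoruns(SAMPLE_LOG)` returns only the Efgegi orphan, and `denied_keys(SAMPLE_LOG)` returns the PCW\Security key that the CFScript above unlocks with RegLock::.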

Rudy
Site Admin
Posts: 119520
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Skype virus - worm

#24 Post by Rudy »

The log looks OK now. Has anything changed?

adko222
Visitor
Posts: 14
Registered: 14 Oct 2012 09:54

Re: Skype virus - worm

#25 Post by adko222 »

Yes, ESET is no longer reporting the virus, so it's probably done. Thank you for your willingness to help me.

Rudy
Site Admin
Posts: 119520
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Skype virus - worm

#26 Post by Rudy »

You're welcome!

Locked