viruses worms

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#16 Post by Aneta87 »

I chose to clean up and a dialog popped up: "Do you really want to delete all but the most recent restore point?" Then the options are Delete or Cancel. I chose Delete, but it didn't show anything, so I don't know whether it's done or not.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viruses worms

#17 Post by stell »

Yes, that's fine.
Run ComboFix.

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#18 Post by Aneta87 »

ComboFix 10-04-09.06 - Marta 10.04.2010 16:58:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1889 [GMT 2:00]
Spuštěný z: c:\users\Marta\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marta\AppData\Roaming\icq
c:\users\Marta\AppData\Roaming\icq \Application.mdb
c:\users\Marta\AppData\Roaming\icq \icq.dat
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\users\Marta\AppData\Roaming\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\programdata\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 12:49 . 2010-04-10 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 12:36 . 2010-04-10 12:36 891878 ----a-w- C:\UsbFix_Upload_Me_Marta-BOOK.zip
2010-04-10 12:27 . 2010-04-10 12:45 -------- d-----w- C:\UsbFix
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- c:\program files\trend micro
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- C:\rsit
2010-04-10 08:59 . 2010-04-10 08:59 -------- d-----w- c:\users\Marta\AppData\Roaming\IObit
2010-04-10 08:59 . 2010-04-10 08:59 -------- d-----w- c:\program files\IObit
2010-04-09 22:35 . 2010-04-09 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-29 14:58 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-19 15:42 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-19 15:42 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-19 15:42 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 08:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-13 08:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 15:04 . 2009-07-24 13:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-10 15:04 . 2009-09-06 16:21 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-10 14:59 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 14:59 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 12:14 . 2009-10-01 20:28 -------- d-----w- c:\program files\ICQ6.5
2010-04-09 21:36 . 2009-10-01 20:29 -------- d-----w- c:\users\Marta\AppData\Roaming\ICQ
2010-03-19 20:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 09:03 . 2009-09-06 13:54 99952 ----a-w- c:\users\Marta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 09:02 . 2010-03-01 09:02 -------- d--h--r- c:\users\Marta\AppData\Roaming\SecuROM
2010-03-01 09:02 . 2010-03-01 09:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-01 08:50 . 2010-03-01 08:50 -------- d-----w- c:\program files\Electronic Arts
2010-02-27 19:54 . 2010-02-27 19:28 -------- d-----w- c:\program files\Your Uninstaller
2010-02-27 19:53 . 2010-01-09 10:06 -------- d-----w- c:\program files\Yahoo!
2010-02-27 19:49 . 2009-12-27 09:27 -------- d-----w- c:\programdata\avg9
2010-02-27 19:41 . 2010-02-27 19:41 -------- d-----w- c:\program files\Alwil Software
2010-02-27 19:28 . 2010-02-27 19:28 -------- d-----w- c:\users\Marta\AppData\Roaming\URSoft
2010-02-24 09:16 . 2009-10-02 16:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 17:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 17:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 17:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 17:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-04 21:13 . 2010-02-04 21:13 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4470.tmp.exe
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-27 19:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-27 19:45 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-27 19:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 20:11 . 2009-07-24 13:59 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-01-23 09:26 . 2010-02-27 19:46 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 15:35 . 2008-05-22 15:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 16:34 . 2007-06-12 16:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-07-24 13:57 . 2009-07-24 13:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

<pre>
c:\program files\Canon\MyPrinter\bjmyprt .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\ICQ6.5\icq .exe
</pre>
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,7e,82,ed,aa,42,ca,01

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-10 12:54]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:46]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 17:04
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,e9,f3,fd,87,6b,e5,44,90,7a,a1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,e9,f3,fd,87,6b,e5,44,90,7a,a1,\

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2312)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\rpcnet.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 17:09:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 15:09

Před spuštěním: Volných bajtů: 126 290 571 264
Po spuštění: Volných bajtů: 125 943 738 368

- - End Of File - - 5875EB0BB3320F572AD5EBAB6537A155

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viruses worms

#19 Post by stell »

For this step, ComboFix must be on the desktop.

Turn off > FIREWALL > Antivirus > Antispyware > everything resident.

Open Notepad and copy the entire green text into it:

KILLALL::
RenV::
c:\program files\Canon\MyPrinter\bjmyprt .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\ICQ6.5\icq .exe
Folder::
c:\program files\Norton Internet Security
c:\program files\IObit\Advanced SystemCare 3
Driver::
Norton Internet Security
File::
c:\windows\Tasks\AWC Startup.job
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\]

Then click File -> Save As..., and in the File name field type: CFScript.txt
For the file type, select *All files
And save it to the desktop. Note: do not open CFScript.txt, and it must not end up named CFScript.txt.txt. Then do this:
[Image]

After the scan finishes, post the log that ComboFix creates.

Re: viry worms

#20 Post by Aneta87 »

ComboFix 10-04-09.06 - Marta 10.04.2010 17:46:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1980 [GMT 2:00]
Spuštěný z: c:\users\Marta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marta\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\AWC Startup.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IObit\Advanced SystemCare 3
c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe
c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\IObit\Advanced SystemCare 3\AWCInit.exe
c:\program files\IObit\Advanced SystemCare 3\AwcSchedule.dll
c:\program files\IObit\Advanced SystemCare 3\ContextMenu.exe
c:\program files\IObit\Advanced SystemCare 3\CookiesBK.pln
c:\program files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
c:\program files\IObit\Advanced SystemCare 3\Def.dbd
c:\program files\IObit\Advanced SystemCare 3\ESR.exe
c:\program files\IObit\Advanced SystemCare 3\EULA.rtf
c:\program files\IObit\Advanced SystemCare 3\FFSweep.dll
c:\program files\IObit\Advanced SystemCare 3\FileSweep.dll
c:\program files\IObit\Advanced SystemCare 3\Help.html
c:\program files\IObit\Advanced SystemCare 3\IEFavBK.pln
c:\program files\IObit\Advanced SystemCare 3\Images\care.png
c:\program files\IObit\Advanced SystemCare 3\Images\ds.png
c:\program files\IObit\Advanced SystemCare 3\Images\home.png
c:\program files\IObit\Advanced SystemCare 3\Images\mw.png
c:\program files\IObit\Advanced SystemCare 3\Images\tips.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\tips2.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\ut.png
c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe
c:\program files\IObit\Advanced SystemCare 3\Language\Albanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Brasil.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Czech.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dansk.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dutch.lng
c:\program files\IObit\Advanced SystemCare 3\Language\English.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Finnish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\French.lng
c:\program files\IObit\Advanced SystemCare 3\Language\German.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hebrew.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hungarian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseSimp.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseTrad.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Italiano.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Japanese.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Korean.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Persian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Polish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Romanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Russian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Spanish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Srpski.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Svenska.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Swedish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Turkish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Ukrainian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Valencian.lng
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\News\bnews.html
c:\program files\IObit\Advanced SystemCare 3\News\Css\bstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\Css\wstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\wnews.html
c:\program files\IObit\Advanced SystemCare 3\NtfsData.dll
c:\program files\IObit\Advanced SystemCare 3\RegeditBK.pln
c:\program files\IObit\Advanced SystemCare 3\Registration.exe
c:\program files\IObit\Advanced SystemCare 3\Routine.dll
c:\program files\IObit\Advanced SystemCare 3\rtl70.bpl
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_BottomLine.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\sqlite3.dll
c:\program files\IObit\Advanced SystemCare 3\STFix.dll
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskCleaner.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskChk.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_GameBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_InternetBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_IS360.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ISD.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_RegistryDefrag.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ShortcutsFixer.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_DriverBackUp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_PIeHelp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemBackup.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemFileScan.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_AutoShutDown.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ClonedFilesFinder.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ContextManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_RestoreCenter.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstaller.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_StartUpManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SysInfo.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_WinManager.exe
c:\program files\IObit\Advanced SystemCare 3\TurboBoost.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.dat
c:\program files\IObit\Advanced SystemCare 3\unins000.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.msg
c:\program files\IObit\Advanced SystemCare 3\Update History.txt
c:\program files\IObit\Advanced SystemCare 3\Update\awc3check.upt
c:\program files\IObit\Advanced SystemCare 3\vcl70.bpl
c:\program files\IObit\Advanced SystemCare 3\vclx70.bpl
c:\program files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
c:\program files\IObit\Advanced SystemCare 3\Wizard.exe
c:\windows\Tasks\AWC Startup.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Norton Internet Security


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 15:53 . 2010-04-10 15:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-10 15:52 . 2010-04-10 15:53 -------- d-----w- c:\users\Marta\AppData\Local\temp
2010-04-10 15:52 . 2010-04-10 15:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\users\Marta\AppData\Roaming\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\programdata\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 12:49 . 2010-04-10 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 12:36 . 2010-04-10 12:36 891878 ----a-w- C:\UsbFix_Upload_Me_Marta-BOOK.zip
2010-04-10 12:27 . 2010-04-10 12:45 -------- d-----w- C:\UsbFix
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- c:\program files\trend micro
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- C:\rsit
2010-04-10 08:59 . 2010-04-10 15:51 -------- d-----w- c:\program files\IObit
2010-04-10 08:59 . 2010-04-10 08:59 -------- d-----w- c:\users\Marta\AppData\Roaming\IObit
2010-04-09 22:35 . 2010-04-09 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-29 14:58 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-19 15:42 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-19 15:42 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-19 15:42 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 08:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-13 08:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 15:53 . 2009-07-24 13:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-10 15:53 . 2009-09-06 16:21 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-10 15:46 . 2009-10-01 20:28 -------- d-----w- c:\program files\ICQ6.5
2010-04-10 14:59 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 14:59 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-04-09 21:36 . 2009-10-01 20:29 -------- d-----w- c:\users\Marta\AppData\Roaming\ICQ
2010-03-19 20:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 09:03 . 2009-09-06 13:54 99952 ----a-w- c:\users\Marta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 09:02 . 2010-03-01 09:02 -------- d--h--r- c:\users\Marta\AppData\Roaming\SecuROM
2010-03-01 09:02 . 2010-03-01 09:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-01 08:50 . 2010-03-01 08:50 -------- d-----w- c:\program files\Electronic Arts
2010-02-27 19:54 . 2010-02-27 19:28 -------- d-----w- c:\program files\Your Uninstaller
2010-02-27 19:53 . 2010-01-09 10:06 -------- d-----w- c:\program files\Yahoo!
2010-02-27 19:49 . 2009-12-27 09:27 -------- d-----w- c:\programdata\avg9
2010-02-27 19:41 . 2010-02-27 19:41 -------- d-----w- c:\program files\Alwil Software
2010-02-27 19:28 . 2010-02-27 19:28 -------- d-----w- c:\users\Marta\AppData\Roaming\URSoft
2010-02-24 09:16 . 2009-10-02 16:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 17:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 17:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 17:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 17:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-04 21:13 . 2010-02-04 21:13 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4470.tmp.exe
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-27 19:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-27 19:45 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-27 19:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 20:11 . 2009-07-24 13:59 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-01-23 09:26 . 2010-02-27 19:46 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 15:35 . 2008-05-22 15:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 16:34 . 2007-06-12 16:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-07-24 13:57 . 2009-07-24 13:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-24 14:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,7e,82,ed,aa,42,ca,01

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:46]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 17:53
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"

[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1324)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\system32\conime.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 17:58:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 15:58
ComboFix2.txt 2010-04-10 15:09

Před spuštěním: Volných bajtů: 125 965 516 800
Po spuštění: Volných bajtů: 125 946 097 664

- - End Of File - - F7793B028C2D8C9CA9D1E2A5729A4515

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viruses worms

#21 Post by stell »

Test these files on VirusTotal:
c:\windows\system32\acovcnt.exe
c:\programdata\Google\Google Toolbar\Update\gtb4470.tmp.exe

(The procedure is simple: once the page has loaded, click the Browse button, navigate to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here.)

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#22 Post by Aneta87 »

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.10 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.10 -
Avast 4.8.1351.0 2010.04.10 -
Avast5 5.0.332.0 2010.04.10 -
AVG 9.0.0.787 2010.04.10 -
BitDefender 7.2 2010.04.10 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.10 -
Comodo 4557 2010.04.10 -
DrWeb 5.0.2.03300 2010.04.10 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.10 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
Ikarus T3.1.1.80.0 2010.04.10 -
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
NOD32 5015 2010.04.10 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.10 -
PCTools 7.0.3.5 2010.04.10 -
Prevx 3.0 2010.04.10 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.10 -
Sunbelt 6160 2010.04.10 -
Symantec 20091.2.0.41 2010.04.10 -
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.10 -
Rozšiřující informace
File size: 45056 bytes
MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2
ssdeep: 384:eswH94Z+gT87cSDxeHlxpCjkDADNZop8ZYNniy91AI1ZQSrS9E5l1wX:OHE5
g7p8xQrN8niLI1ZQSeu5lG

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1613
timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ee6 0x5000 6.60 f7aa46b67e4004a80db01ad39b5c4bd7
.rdata 0x6000 0xb32 0x1000 4.20 f3ceef6b97b6aad02714644497ad4da9
.data 0x7000 0x413c 0x3000 0.56 af4abe2835a3f5bf87330b627a696dbf
.rsrc 0xc000 0xc0 0x1000 0.14 c85d6206afcdfed0fe16bdc48441d945

( 5 imports )
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viruses worms

#23 Post by stell »

Test the second file as well.

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#24 Post by Aneta87 »

Yep, testing it.

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#25 Post by Aneta87 »

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.10 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.10 -
Avast 4.8.1351.0 2010.04.10 -
Avast5 5.0.332.0 2010.04.10 -
AVG 9.0.0.787 2010.04.10 -
BitDefender 7.2 2010.04.10 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.10 -
Comodo 4557 2010.04.10 -
DrWeb 5.0.2.03300 2010.04.10 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.10 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
Ikarus T3.1.1.80.0 2010.04.10 -
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
NOD32 5015 2010.04.10 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.10 -
PCTools 7.0.3.5 2010.04.10 -
Prevx 3.0 2010.04.10 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.10 -
Sunbelt 6161 2010.04.10 -
Symantec 20091.2.0.41 2010.04.10 -
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.10 -
Rozšiřující informace
File size: 509552 bytes
MD5...: 9d7c72d189cbe55d24f5312f17d8b56f
SHA1..: 9860b65d945f37281f56797c5a51e2dc7ca41415
SHA256: 3f96b9e3547e073d2fd2c9bbbe3829beaa315913e70ae12adacf9bc59734bc0a
ssdeep: 12288:+C2u4KpsGi0IVWHmR1nWOrZUURi9RqFercI7WIYzOTf:L23GXHYRUURi9R
qFQcIKIYzOj

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x24609
timedatestamp.....: 0x4b5903c7 (Fri Jan 22 01:47:51 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4533d 0x45400 6.63 fc7d14537eecdaacc4126fb56405314b
.rdata 0x47000 0xddb0 0xde00 4.90 0ff523b59a9e20a042c3a4709b2e922f
.data 0x55000 0xbce8 0x2000 4.21 23734342710680ef760cd3cd52e48754
.rsrc 0x61000 0x20cd8 0x20e00 5.88 08b854fe3cd7d001ffd691367243ca7d
.reloc 0x82000 0x4b8a 0x4c00 4.98 cc6585828e6a888c5e95f69c9b0c24df

( 15 imports )
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
> KERNEL32.dll: InterlockedCompareExchange, TerminateProcess, GetSystemTimeAsFileTime, Process32NextW, GetProcessTimes, Process32FirstW, CreateToolhelp32Snapshot, SystemTimeToFileTime, GetSystemTime, GetUserDefaultUILanguage, SetThreadLocale, FindClose, FindNextFileW, FindFirstFileW, GetTempPathW, EnumResourceLanguagesW, EnumResourceNamesW, CompareFileTime, GetVersionExA, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetACP, GetLocaleInfoA, GetThreadLocale, SetEnvironmentVariableA, CreateFileA, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, SetFilePointer, GetStringTypeW, GetStringTypeA, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, LCMapStringA, QueryPerformanceCounter, GetStartupInfoA, VerifyVersionInfoW, SetHandleCount, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, ExitProcess, CompareStringW, CompareStringA, IsValidCodePage, GetOEMCP, GetCPInfo, HeapCreate, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, RtlUnwind, VirtualQuery, GetSystemInfo, GetStartupInfoW, CreateThread, LocalAlloc, ProcessIdToSessionId, GetTickCount, OpenFileMappingW, GetFileSizeEx, ReadFile, LCMapStringW, FormatMessageW, LocalFree, GlobalFree, CopyFileW, CreateMutexW, OpenEventW, ReleaseMutex, WriteFile, DeleteFileW, MoveFileExW, GetTempFileNameW, MapViewOfFileEx, GetFileAttributesExW, GetVersionExW, WideCharToMultiByte, GetProcessId, GetCurrentProcessId, ResetEvent, SetEvent, CreateEventW, OpenProcess, WaitForMultipleObjects, SetThreadPriority, ResumeThread, CreateFileW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetCommandLineW, CreateProcessW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, MultiByteToWideChar, FreeLibrary, LoadLibraryExW, lstrcmpiW, lstrlenW, GetCurrentThreadId, Sleep, OutputDebugStringA, GetModuleFileNameW, SetLastError, 
GetLastError, InterlockedDecrement, InterlockedIncrement, GetCurrentProcess, FlushInstructionCache, FindResourceExW, FindResourceW, ExitThread, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, DuplicateHandle, LoadLibraryA, GetModuleHandleA, LoadLibraryW, GetModuleHandleW, GetProcAddress, GetFileAttributesW, GetVersion, InterlockedExchange, VirtualProtect, VerSetConditionMask, GetFileType
> USER32.dll: SetWindowRgn, EndPaint, SetWindowLongW, DialogBoxParamW, CharNextW, DestroyWindow, GetActiveWindow, EndDialog, SendMessageW, GetWindowLongW, SetTimer, SetDlgItemTextW, GetDlgItem, SetWindowPos, MapWindowPoints, GetClientRect, SystemParametersInfoW, GetWindowRect, GetWindow, GetParent, GetSystemMetrics, EnableWindow, GetClassNameW, IsWindow, LoadCursorW, RegisterClassExW, GetClassInfoExW, CreateWindowExW, DefWindowProcW, CallWindowProcW, BringWindowToTop, MessageBoxW, PostMessageW, EnumChildWindows, FindWindowExW, GetWindowThreadProcessId, IsWindowVisible, UnregisterClassA, MessageBoxIndirectW, LoadImageW, BeginPaint, RegisterClassW, IsWindowEnabled
> ADVAPI32.dll: GetSidIdentifierAuthority, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, CryptDestroyHash, CryptDestroyKey, RegEnumValueW, RegQueryValueExW, GetSecurityDescriptorControl, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, MakeSelfRelativeSD, GetSecurityDescriptorLength, GetSidSubAuthority, CryptVerifySignatureW, CryptCreateHash, CryptHashData, CryptAcquireContextW, RegNotifyChangeKeyValue, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, EqualSid, RegFlushKey, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, ConvertStringSecurityDescriptorToSecurityDescriptorW, CopySid, GetLengthSid, InitializeSecurityDescriptor, MakeAbsoluteSD, GetAclInformation, OpenProcessToken, GetTokenInformation, GetSidLengthRequired, InitializeAcl, InitializeSid, AddAce, GetAce, IsValidSid, GetSidSubAuthorityCount, RegDeleteKeyW
> ole32.dll: CoUninitialize, CoInitialize, CoInitializeEx, CLSIDFromProgID, CoCreateGuid, OleRun, CoTaskMemRealloc, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc
> SHELL32.dll: -, SHGetFolderPathW, ShellExecuteExW
> OLEAUT32.dll: -, -, -, -
> SHLWAPI.dll: SHCreateStreamOnFileW, PathIsDirectoryW, SHSetValueW, SHGetValueW, StrCatBuffA, PathCombineW, SHDeleteValueW, PathCanonicalizeW, PathFileExistsW, PathAppendW
> GDI32.dll: CreateRectRgn
> urlmon.dll: CreateAsyncBindCtx, RegisterBindStatusCallback, CreateURLMonikerEx
> USERENV.dll: UnloadUserProfile
> CRYPT32.dll: CryptImportPublicKeyInfo, CertGetCertificateChain, CertVerifyCertificateChainPolicy, CertGetNameStringW, CertFreeCertificateChain, CertCreateContext, CryptQueryObject, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertNameToStrW, CertFreeCertificateContext, CryptProtectData, CryptUnprotectData
> WININET.dll: InternetCloseHandle, InternetReadFile, HttpQueryInfoW, InternetOpenUrlW, InternetOpenW
> WINTRUST.dll: WinVerifyTrust
> msi.dll: -, -, -

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Google Inc.
copyright....: Copyright (c) 2000-2008
product......: Google Toolbar for Internet Explorer
description..: Google Toolbar Installer
original name: GoogleToolbarInstaller.exe
internal name: GoogleToolbarInstaller
file version.: 6, 4, 1321, 1732
comments.....: n/a
signers......: Google Inc
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 4:18 AM 1/22/2010
verified.....: -

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viruses worms

#26 Post by stell »

OK, make a script for ComboFix once more:

Code:

KILLALL::
RegLock::
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-1252829387-550349962-2538934461-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viruses worms

#27 Post by Aneta87 »

ComboFix 10-04-09.06 - Marta 10.04.2010 19:02:56.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1985 [GMT 2:00]
Spuštěný z: c:\users\Marta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marta\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 17:07 . 2010-04-10 17:09 -------- d-----w- c:\users\Marta\AppData\Local\temp
2010-04-10 17:07 . 2010-04-10 17:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-10 17:07 . 2010-04-10 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\users\Marta\AppData\Roaming\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 12:49 . 2010-04-10 12:49 -------- d-----w- c:\programdata\Malwarebytes
2010-04-10 12:49 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 12:49 . 2010-04-10 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 12:36 . 2010-04-10 12:36 891878 ----a-w- C:\UsbFix_Upload_Me_Marta-BOOK.zip
2010-04-10 12:27 . 2010-04-10 12:45 -------- d-----w- C:\UsbFix
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- c:\program files\trend micro
2010-04-10 12:16 . 2010-04-10 12:17 -------- d-----w- C:\rsit
2010-04-10 08:59 . 2010-04-10 15:51 -------- d-----w- c:\program files\IObit
2010-04-10 08:59 . 2010-04-10 08:59 -------- d-----w- c:\users\Marta\AppData\Roaming\IObit
2010-04-09 22:35 . 2010-04-09 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-29 14:58 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-19 15:42 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-19 15:42 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-19 15:42 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 08:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-13 08:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 17:09 . 2009-07-24 13:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-10 17:09 . 2009-09-06 16:21 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-10 15:46 . 2009-10-01 20:28 -------- d-----w- c:\program files\ICQ6.5
2010-04-10 14:59 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 14:59 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-04-09 21:36 . 2009-10-01 20:29 -------- d-----w- c:\users\Marta\AppData\Roaming\ICQ
2010-03-19 20:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 09:03 . 2009-09-06 13:54 99952 ----a-w- c:\users\Marta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 09:02 . 2010-03-01 09:02 -------- d--h--r- c:\users\Marta\AppData\Roaming\SecuROM
2010-03-01 09:02 . 2010-03-01 09:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-01 08:50 . 2010-03-01 08:50 -------- d-----w- c:\program files\Electronic Arts
2010-02-27 19:54 . 2010-02-27 19:28 -------- d-----w- c:\program files\Your Uninstaller
2010-02-27 19:53 . 2010-01-09 10:06 -------- d-----w- c:\program files\Yahoo!
2010-02-27 19:49 . 2009-12-27 09:27 -------- d-----w- c:\programdata\avg9
2010-02-27 19:41 . 2010-02-27 19:41 -------- d-----w- c:\program files\Alwil Software
2010-02-27 19:28 . 2010-02-27 19:28 -------- d-----w- c:\users\Marta\AppData\Roaming\URSoft
2010-02-24 09:16 . 2009-10-02 16:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 17:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 17:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 17:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 17:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-04 21:13 . 2010-02-04 21:13 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4470.tmp.exe
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-27 19:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-27 19:45 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-27 19:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-27 19:45 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-27 19:45 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-27 19:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 20:11 . 2009-07-24 13:59 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-01-23 09:26 . 2010-02-27 19:46 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 15:35 . 2008-05-22 15:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 16:34 . 2007-06-12 16:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-07-24 13:57 . 2009-07-24 13:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-24 14:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,7e,82,ed,aa,42,ca,01

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:46]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 19:09
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1844)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ASUS Live Update\ALU.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 19:14:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 17:14
ComboFix2.txt 2010-04-10 15:58
ComboFix3.txt 2010-04-10 15:09

Před spuštěním: Volných bajtů: 125 967 331 328
Po spuštění: Volných bajtů: 125 838 094 336

- - End Of File - - 09DBE863DAC54F555FD8A202D652E73C

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viry worms

#28 Post by stell »

OK, describe the state of the computer.

Aneta87
Visitor
Posts: 99
Registered: 05 Mar 2010 08:48

Re: viry worms

#29 Post by Aneta87 »

Now I don't quite understand.. :) How do I describe the state of the computer?

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: viry worms

#30 Post by stell »

Another problem is with User Account Control - I don't know whether it is related to the viruses.. In any case, when I turn User Account Control on, it is confirmed with OK, and after a while it switches itself back to off, and a dialog box keeps popping up asking to allow or cancel access to a program - most often wmpscfgs.exe

Thanks for the help. aneta