Please help me get rid of DR/Autoit.YH.344. Many thanks.
Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 25.8.2010 22:15:55
================================================================
SmallARK
================================================================
[?]NtCreateKey ->
[?]NtCreateSection -> esgiguard.sys
[?]NtCreateThread ->
[?]NtDeleteKey ->
[?]NtDeleteValueKey ->
[?]NtLoadKey ->
[?]NtOpenProcess ->
[?]NtOpenThread ->
[?]NtReplaceKey ->
[?]NtRestoreKey ->
[?]NtSetValueKey ->
[?]NtTerminateProcess ->
Běžící procesy
================================================================
C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\EMAUDSV.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[?] sched.exe
Nemá okno
Soubor 7%
[?] avguard.exe
Nemá okno
Soubor 7%
[?] emaudsv.exe
Non Microsoft v System32:
Nemá okno
Soubor 7%
[R] AAWTray.exe
Spouští se po startu HKLM Run [Ad-Watch]
[R] igfxtray.exe
Spouští se po startu HKLM Run [IgfxTray]
[R] hkcmd.exe
Spouští se po startu HKLM Run [HotKeysCmds]
[R] igfxpers.exe
Spouští se po startu HKLM Run [Persistence]
[?] RTHDCPL.exe
Spouští se po startu HKLM Run [RTHDCPL]
[?] avgnt.exe
Spouští se po startu HKLM Run [avgnt]
Soubor 7%
[R] OpWareSE4.exe
Spouští se po startu HKLM Run [OpwareSE4]
[R] BJMYPRT.EXE
Spouští se po startu HKLM Run [CanonMyPrinter]
[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]
[S] msmsgs.exe
Spouští se po startu HKCU Run [MSMSGS]
[R] GoogleToolbarNotifier.exe
Spouští se po startu HKCU Run [swg]
[R] Skype.exe
Spouští se po startu HKCU Run [Skype]
[R] SSScheduler.exe
Spouští se po startu Po spuštění []
[R] skypePM.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8
Po spuštění
================================================================
HKCU Run
|_ [S][MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
HKLM Run
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][SkyTel] C:\WINDOWS\SkyTel.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
|_ [R][SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
|_ [?][QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
|_ [R][CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
|_ [R][CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
HKLM RunServices
|_ [X][csrcs] C:\WINDOWS\system32\csrcs.exe (Soubor nenalezen)
HKLM Explorer\Run
|_ [X][csrcs] C:\WINDOWS\system32\csrcs.exe (Soubor nenalezen)
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKLM Winlogon
|_ [?][Shell] Explorer.exe csrcs.exe
HKLM Winlogon Notify
|_ [?][igfxcui] C:\WINDOWS\system32\igfxdev.dll
Job
|_ [X][REALUP~2.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)
|_ [X][REALUP~1.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)
HKCU IE Toolbar
|_ [X][{1E796980-9CC5-11D1-A83F-00C04FC99D61}] (Soubor nenalezen)
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Avira AntiVir Scheduler
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\sched.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus Scheduler
| |_ MD5: 9015BC03F62940527EC92D45EE89E46F
|
|_ Jméno: AntiVirSchedulerService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:
[?] Avira AntiVir Guard
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus On-Access Service
| |_ MD5: B8720A787C1223492E6F319465E996CE
|
|_ Jméno: AntiVirService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:
[?] E-MU Audio Service
|_ Cesta: C:\WINDOWS\system32\emaudsv.exe
| |_ Výrobce: E-MU Systems
| |_ Popis: E-MU Audio Service
| |_ MD5: 2D77C535D32688D5FD6CD05C04E27948
|
|_ Jméno: emaudsv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: PlugPlay
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] esgiguard
|_ Cesta: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: esgiguard
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] ialm
|_ Cesta: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel Graphics Miniport Driver
| |_ MD5: C4018896856A1A1F1F3A0A6EE7206551
|
|_ Jméno: ialm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] iRiver Internet Audio Player IFP-100
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ifpusb.sys
| |_ Výrobce: iRiver, Inc.
| |_ Popis: iRiver Internet Audio Player USB Driver
| |_ MD5: 7ECFD849D2F4B1F01B10B711B1F96BB5
|
|_ Jméno: IFPUSB
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: EB5608FD4F2961517AC9F5CAC88B023B
|
|_ Jméno: IntcAzAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (2884) Skype.exe 0.0.0.0:80 LISTENING
TCP (848) svchost.exe 0.0.0.0:135 LISTENING
TCP (2884) Skype.exe 0.0.0.0:443 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2884) Skype.exe 0.0.0.0:18001 LISTENING
TCP (1620) alg.exe 127.0.0.1:1025 LISTENING
TCP (4) Systém 192.168.1.100:139 LISTENING
TCP (2884) Skype.exe 192.168.1.100:1035 <-> 79.116.235.154:34631 ESTABLISHED
TCP (1132) AAWService.exe 192.168.1.100:1233 CLOSE_WAIT
TCP (1132) AAWService.exe 192.168.1.100:1234 CLOSE_WAIT
TCP (0) 192.168.1.100:1895 TIME_WAIT
TCP (0) 192.168.1.100:1896 TIME_WAIT
TCP (0) 192.168.1.100:1898 TIME_WAIT
TCP (0) 192.168.1.100:1899 TIME_WAIT
TCP (0) 192.168.1.100:1901 TIME_WAIT
TCP (0) 192.168.1.100:1902 TIME_WAIT
TCP (0) 192.168.1.100:1904 TIME_WAIT
TCP (0) 192.168.1.100:1905 TIME_WAIT
UDP (2884) Skype.exe 0.0.0.0:443 <-> 90.183.38.65:110 ESTABLISHED
UDP (4) Systém 0.0.0.0:445
UDP (600) lsass.exe 0.0.0.0:500
UDP (600) lsass.exe 0.0.0.0:4500
UDP (2884) Skype.exe 0.0.0.0:18001
UDP (916) svchost.exe 127.0.0.1:123
UDP (2884) Skype.exe 127.0.0.1:1032
UDP (4220) iexplore.exe 127.0.0.1:1563
UDP (1060) svchost.exe 127.0.0.1:1900
UDP (916) svchost.exe 192.168.1.100:123
UDP (4) Systém 192.168.1.100:137
UDP (4) Systém 192.168.1.100:138
UDP (1060) svchost.exe 192.168.1.100:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] unrar.dll
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
|_ MD5: 5B5DB8A0D5FB1CE6BC7261DBD2604822
|_ Výrobce: ?
|_ Procesy
|_ AAWService.exe (1132)
[?] shellext7.dll
|_ Cesta: C:\Program Files\Zoner\Photo Studio 7\Program\ShellExt7.dll
|_ MD5: 2A1D33255FD1C11124620459C08370EA
|_ Výrobce: ZONER software
|_ Procesy
|_ explorer.exe (1316)
[?] shlext.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\shlext.dll
|_ MD5: 318B0D2CF5470F724B217498553D36E6
|_ Výrobce: Avira GmbH
|_ Procesy
|_ explorer.exe (1316)
[?] ophookse4.dll
|_ Cesta: C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
|_ MD5: FBA22C413FE8B13BA49D7535174DDBEF
|_ Výrobce: Nuance Communications, Inc.
|_ Procesy
|_ explorer.exe (1316)
|_ AAWTray.exe (2440)
|_ igfxtray.exe (2588)
|_ hkcmd.exe (2596)
|_ igfxpers.exe (2620)
|_ RTHDCPL.exe (2680)
|_ avgnt.exe (2704)
|_ OpWareSE4.exe (2724)
|_ BJMYPRT.EXE (2800)
|_ ctfmon.exe (2828)
|_ msmsgs.exe (2856)
|_ GoogleToolbarNotifier.exe (2864)
|_ Skype.exe (2884)
|_ skypePM.exe (3444)
|_ msimn.exe (3436)
|_ iexplore.exe (4320)
|_ iexplore.exe (4220)
|_ UPM.exe (3044)
[?] avevtlog.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
|_ MD5: 8C3372E134E788CCB190913075619948
|_ Výrobce: Avira GmbH
|_ Procesy
|_ sched.exe (1468)
|_ avguard.exe (1760)
[?] sqlite3.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
|_ MD5: 22064F0107F144ACAA6BF444EBACA212
|_ Výrobce: ?
|_ Procesy
|_ sched.exe (1468)
|_ avguard.exe (1760)
[?] avpref.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avpref.dll
|_ MD5: FB8E5AFBD9F99446888ED1DF354AD28B
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] smtplib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\smtplib.dll
|_ MD5: 4DAD5D05D96D57DA36F61C40D3FB7241
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] avgio.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avgio.dll
|_ MD5: E6279DB37754828A2F5016FDEEA25A0F
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aecore.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aecore.dll
|_ MD5: ABBCB1867AD6C83615EF99220B25A3AD
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aevdf.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
|_ MD5: 100CAAF3542FB51FECA9C09DB1CB940D
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aescript.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescript.dll
|_ MD5: 8A471B46A195272B2F77BC30891A5221
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aescn.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescn.dll
|_ MD5: 2EE40BD646AE9E2AEA3282F2C86A05AD
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aesbx.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
|_ MD5: F3A07C983A0EE71D150BCFF15F6B40EC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aerdl.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
|_ MD5: C56E00C5335383893257C5B1C1334D9C
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aepack.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aepack.dll
|_ MD5: B2E908FFA076318BE80815A7DEA6FC83
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[!] unacev2.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\unacev2.dll
|_ MD5: F9622B84D0050D590CE71FD882A130EE
|_ Výrobce: ACE Compression Software
|_ Procesy
|_ avguard.exe (1760)
[?] aeoffice.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
|_ MD5: 76AE96973EECFA76A88264FD873E5B26
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aeheur.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
|_ MD5: 94BB0C34A6CE650AF0F653914C59C4E3
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aehelp.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
|_ MD5: 282FF189AA970391CF1B7544A1A8A383
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aegen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aegen.dll
|_ MD5: 207DB427AEB4741D4CE7DB40AC603885
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aeemu.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
|_ MD5: 2364E3D43E8839AE6F47D4CA9AE05762
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] aebb.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aebb.dll
|_ MD5: 7E3D9E781E7D2E099BD424B188FBC9AA
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
[?] avipc.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avipc.dll
|_ MD5: 2013FBA8166C3EF321F15917A4957B9F
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
|_ avgnt.exe (2704)
[?] ccgen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
|_ MD5: 6773F1370B793DA385EB8B476595C103
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
[?] ccguard.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
|_ MD5: CE1FCCFC91C0A14DE738D03D252F87B1
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
[?] ccupdate.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
|_ MD5: 2A13898F9AAC250EAD07C7267B16C49D
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
[?] cclic.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cclic.dll
|_ MD5: E77B57B521E5212F341338CC7C4ADCDC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
[?] ccmsg.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
|_ MD5: 1D03CC5A2EE7204E7222405F71841FC2
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
[?] cclib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cclib.dll
|_ MD5: 580D9DC5EFFBFEF0B2A2186F947BF3EA
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

DR/Autoit.YH.344
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, and likewise those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: DR/Autoit.YH.344
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator privileges.
Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.
Relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode or disable it entirely for the duration of the scan, because during the scan and removal of any malware it collides undesirably with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, and likewise if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: DR/Autoit.YH.344
Thank you. Here is the ComboFix log:
ComboFix 10-08-24.0C - Owner 26.08.2010 10:09:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1579 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBD0.dll
c:\windows\system32\msvcsv60.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-25 20:15 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove- - c:\windows\ \Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 10:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-08-26 10:18:08
ComboFix-quarantined-files.txt 2010-08-26 08:18
Před spuštěním: Volných bajtů: 423 979 536 384
Po spuštění: Volných bajtů: 425 428 520 960
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 873ECAAD8B75D95FD76C5D2835A89F2E
ComboFix 10-08-24.0C - Owner 26.08.2010 10:09:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1579 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBD0.dll
c:\windows\system32\msvcsv60.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-25 20:15 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Contents of the 'Scheduled Tasks' folder
2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove- - c:\windows\ \Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 10:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- REGISTRY LOCKED KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-26 10:18:08
ComboFix-quarantined-files.txt 2010-08-26 08:18
Pre-Run: 423 979 536 384 bytes free
Post-Run: 425 428 520 960 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 873ECAAD8B75D95FD76C5D2835A89F2E
Re: DR/Autoit.YH.344
Avira still reports the virus TR/Dropper.Gen Trojan.
I am attaching the current ComboFix log. Thanks for the advice.
ComboFix 10-08-24.0C - Owner 26.08.2010 17:45:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1338 [GMT 2:00]
Running from: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-26 14:45 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Contents of the 'Scheduled Tasks' folder
2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 17:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- REGISTRY LOCKED KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1220)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-26 17:52:13
ComboFix-quarantined-files.txt 2010-08-26 15:52
ComboFix2.txt 2010-08-26 08:18
Pre-Run: 425 064 382 464 bytes free
Post-Run: 425 102 295 040 bytes free
- - End Of File - - CCE120E9BFAD18B03239348F99BE63C2
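Added example (not from either post and not ComboFix's own code): a small Python script that pulls the Run values, the service lines and the Windows Firewall AuthorizedApplications entries out of a ComboFix log like the two above and lists the ones a helper would check first. The rules are triage heuristics, not verdicts: a Run value that is a bare file name (RTHDCPL.EXE is resolved through the search path at logon), a firewall exception for a binary sitting under a user profile (the winbox.exe on the Desktop) and a service whose file ComboFix could not read ("[?]" instead of a date and size, the SpyHunter esgiguard.sys driver here) each deserve a look, but none of them is being called malicious by this script. The sample lines are copied from the log in this thread; the %windir% expansion and the user-profile root are assumptions for an XP layout.

```python
"""Triage autostart, service and firewall entries from a ComboFix log.

Added example, not ComboFix's own code. Flags entries a responder looks at first:
  * Run values that are a bare file name (no directory, resolved via the search path),
  * binaries under a user profile (c:\\documents and settings\\...) instead of
    Program Files or system32,
  * services whose file ComboFix could not stat ("[?]" instead of date and size).
A flag means "check this", not "this is malware".
"""
import re

# Lines copied from the ComboFix log posted in the thread (constructed sample).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')

# Assumptions for an XP layout: %windir% is c:\windows and every per-user,
# user-writable tree sits under "Documents and Settings".
ENV = {"%windir%": "c:\\windows"}
PROFILE_ROOT = "\\documents and settings\\"


def _normalise(path):
    """Collapse ComboFix's escaping and prefixes so the heuristics see a plain Win32 path."""
    p = path.replace("\\\\", "\\")          # the firewall list doubles every backslash
    if p.startswith("\\??\\"):               # NT object-manager prefix on driver image paths
        p = p[4:]
    if "-->" in p:                           # "image --> resolved path" form used for drivers
        p = p.split("-->")[-1].strip()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p.lower()


def _reasons(path, meta):
    """Return the triage reasons for one entry; an empty list means nothing stood out."""
    reasons = []
    if meta.strip() == "?":
        reasons.append("file not found or unreadable when ComboFix ran")
    if "\\" not in path:
        reasons.append("bare file name, resolved through the search path at logon")
    elif PROFILE_ROOT in path:
        reasons.append("binary lives under a user profile, not Program Files or system32")
    return reasons


def triage(log_text):
    """Walk a ComboFix log and return the Run, firewall and service entries worth a look."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # REGEDIT4 key header
            current_key = line.lower()
            continue
        m = SERVICE.match(line)                            # R0/R2/S3 service and driver lines
        if m:
            path = _normalise(m.group("path"))
            for why in _reasons(path, m.group("meta")):
                findings.append({"kind": "service", "name": m.group("name"), "path": path, "reason": why})
            continue
        if current_key.endswith("\\run]"):                 # values under a ...\Run key
            m = RUN_VALUE.match(line)
            if m:
                path = _normalise(m.group("path"))
                for why in _reasons(path, m.group("meta")):
                    findings.append({"kind": "run", "name": m.group("name"), "path": path, "reason": why})
            continue
        if "authorizedapplications" in current_key:       # Windows Firewall exceptions
            m = FW_ENTRY.match(line)
            if m:
                path = _normalise(m.group("path"))
                for why in _reasons(path, ""):
                    findings.append({"kind": "firewall", "name": path.rsplit("\\", 1)[-1], "path": path, "reason": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<8} {f['name']:<12} {f['path']}\n         -> {f['reason']}")
```

On the sample it reports three entries: RTHDCPL (bare file name), winbox.exe (firewall exception under the Owner profile) and esgiguard (service file unreadable). Paste a whole ComboFix log into `triage()` to get the same list for it; everything under Program Files or system32 with a readable date and size is left out on purpose, which is why the Avira, Google and Skype lines do not appear.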
Přikládám současný log z Combofix. Děkuji za radu.
ComboFix 10-08-24.0C - Owner 26.08.2010 17:45:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1338 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-26 14:45 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 17:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1220)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-26 17:52:13
ComboFix-quarantined-files.txt 2010-08-26 15:52
ComboFix2.txt 2010-08-26 08:18
Před spuštěním: Volných bajtů: 425 064 382 464
Po spuštění: Volných bajtů: 425 102 295 040
- - End Of File - - CCE120E9BFAD18B03239348F99BE63C2
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: DR/Autoit.YH.344
It is not visible in the log. Which file is it in?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.