Hello, a friend's computer recently started acting up, so I decided I'd help her. Her films were freezing, spam messages were being sent from her FB account, and Firefox was crashing a lot. The RSIT log was taken only after ComboFix had been run....
ComboFix 11-01-04.06 - WORKSTATION 05.01.2011 15:37:21.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2832 [GMT 1:00]
Running from: c:\users\WORKSTATION\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\nvsvc32.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
.
2011-01-05 14:39 . 2011-01-05 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-05 14:31 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-05 14:31 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-05 14:31 . 2011-01-05 14:31 -------- d-----w- c:\programdata\Alwil Software
2011-01-05 14:31 . 2011-01-05 14:31 -------- d-----w- c:\program files\Alwil Software
2011-01-04 20:54 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll
2011-01-04 20:54 . 2010-12-27 08:00 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-01-04 20:54 . 2010-12-07 18:40 183808 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-01-04 20:54 . 2010-12-07 18:22 810496 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-01-04 20:54 . 2010-11-03 19:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-01-04 20:54 . 2010-01-17 16:18 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-01-04 20:54 . 2006-10-18 19:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-01-04 20:28 . 2011-01-04 20:50 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\BSplayer
2011-01-04 20:28 . 2011-01-04 20:28 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\BSplayer Pro
2011-01-04 09:04 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06AB5962-5148-409F-B200-AD898F55C022}\mpengine.dll
2010-12-29 13:13 . 2010-12-29 13:13 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2010-12-29 13:13 . 2010-12-29 13:13 -------- d-----w- c:\programdata\ICQ
2010-12-29 13:13 . 2011-01-05 14:38 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\ICQ
2010-12-29 13:13 . 2010-12-29 13:13 -------- d-----w- c:\users\WORKSTATION\AppData\Local\AOL
2010-12-24 15:59 . 2010-12-24 15:59 -------- d-----w- c:\users\WORKSTATION\AppData\Local\Electronic Arts
2010-12-24 11:50 . 2010-12-24 11:50 -------- d-----w- c:\users\WORKSTATION\AppData\Local\Mozilla
2010-12-24 11:40 . 2010-12-24 11:40 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-23 17:29 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-23 17:26 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-23 17:26 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-23 17:26 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-23 17:26 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-23 17:26 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-23 15:52 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2010-12-23 15:51 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-23 15:48 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-23 15:48 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 04:34 . 2010-12-23 15:53 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-10 18:01 . 2010-06-08 15:38 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-10-10 18:01 . 2010-06-08 15:38 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\icq\ICQ7.2\ICQ.exe" [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 62032]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - d:\slovník\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - d:\slovník\Verdict Free\etnxp.dll
FF - ProfilePath - c:\users\WORKSTATION\AppData\Roaming\Mozilla\Firefox\Profiles\dmrcdmv5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FF_5&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files (x86)\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-05 15:41:40
ComboFix-quarantined-files.txt 2011-01-05 14:41
Pre-Run: 19 282 681 856 bytes free
Post-Run: 20 477 874 176 bytes free
- - End Of File - - A2EB529623015B177B32A068C02D79C8
RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by WORKSTATION at 2011-01-05 15:47:30
Microsoft Windows 7 Ultimate
System drive C: has 20 GB (39%) free of 50 GB
Total RAM: 4095 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:47:46, on 5.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\ICQ\ICQ7.2\ICQ.exe
C:\Users\WORKSTATION\Documents\ICQ\396068041\ReceivedFiles\319192995 Valda\RSIT.exe
C:\Program Files (x86)\trend micro\WORKSTATION.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ICQ] "D:\ICQ\ICQ7.2\ICQ.exe" silent loginmode=4
O9 - Extra button: Translate - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - D:\Slovník\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Slovník\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internet translator... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Slovník\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ\ICQ7.2\ICQ.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5094 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=D:\ICQ\ICQ7.2\ICQ.exe [2011-01-05 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\WORKSTATION\Downloads\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-01-05 15:47:30 ----D---- C:\rsit
2011-01-05 15:47:30 ----D---- C:\Program Files (x86)\trend micro
2011-01-05 15:41:41 ----A---- C:\ComboFix.txt
2011-01-05 15:36:51 ----A---- C:\Windows\zip.exe
2011-01-05 15:36:51 ----A---- C:\Windows\SWSC.exe
2011-01-05 15:36:51 ----A---- C:\Windows\SWREG.exe
2011-01-05 15:36:51 ----A---- C:\Windows\sed.exe
2011-01-05 15:36:51 ----A---- C:\Windows\PEV.exe
2011-01-05 15:36:51 ----A---- C:\Windows\NIRCMD.exe
2011-01-05 15:36:51 ----A---- C:\Windows\MBR.exe
2011-01-05 15:36:51 ----A---- C:\Windows\grep.exe
2011-01-05 15:36:47 ----D---- C:\Windows\ERDNT
2011-01-05 15:36:09 ----D---- C:\Qoobox
2011-01-05 15:35:53 ----A---- C:\Windows\SWXCACLS.exe
2011-01-05 15:34:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-01-05 15:31:53 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2011-01-05 15:31:52 ----D---- C:\ProgramData\Alwil Software
2011-01-04 21:54:36 ----A---- C:\Windows\SysWOW64\unrar.dll
2011-01-04 21:54:36 ----A---- C:\Windows\avisplitter.ini
2011-01-04 21:54:35 ----A---- C:\Windows\SysWOW64\yv12vfw.dll
2011-01-04 21:54:35 ----A---- C:\Windows\SysWOW64\xvidvfw.dll
2011-01-04 21:54:35 ----A---- C:\Windows\SysWOW64\xvidcore.dll
2011-01-04 21:54:35 ----A---- C:\Windows\SysWOW64\ff_vfw.dll.manifest
2011-01-04 21:54:35 ----A---- C:\Windows\SysWOW64\ff_vfw.dll
2011-01-04 21:28:28 ----D---- C:\Users\WORKSTATION\AppData\Roaming\BSplayer Pro
2011-01-04 21:28:28 ----D---- C:\Users\WORKSTATION\AppData\Roaming\BSplayer
2010-12-29 14:13:40 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2010-12-29 14:13:39 ----D---- C:\ProgramData\ICQ
2010-12-29 14:13:35 ----D---- C:\Users\WORKSTATION\AppData\Roaming\ICQ
2010-12-24 12:50:05 ----D---- C:\Users\WORKSTATION\AppData\Roaming\Mozilla
2010-12-24 12:40:58 ----D---- C:\Windows\SysWOW64\Wat
2010-12-23 18:29:56 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-12-23 18:26:00 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-12-23 18:26:00 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-12-23 18:26:00 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-12-23 18:26:00 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-12-23 18:26:00 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-12-23 16:53:15 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-12-23 16:53:14 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-12-23 16:53:10 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-12-23 16:53:07 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-12-23 16:53:05 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-12-23 16:53:03 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-12-23 16:53:00 ----A---- C:\Windows\SysWOW64\taskschd.dll
2010-12-23 16:53:00 ----A---- C:\Windows\SysWOW64\taskeng.exe
2010-12-23 16:53:00 ----A---- C:\Windows\SysWOW64\taskcomp.dll
2010-12-23 16:53:00 ----A---- C:\Windows\SysWOW64\schtasks.exe
2010-12-23 16:52:57 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2010-12-23 16:52:55 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-12-23 16:52:55 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-12-23 16:52:53 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-12-23 16:52:45 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-12-23 16:52:36 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-12-23 16:52:33 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-12-23 16:52:33 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-12-23 16:52:32 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2010-12-23 16:52:26 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-12-23 16:52:19 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-12-23 16:52:19 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-12-23 16:52:17 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-12-23 16:52:13 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-12-23 16:52:12 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-12-23 16:52:11 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-12-23 16:52:11 ----A---- C:\Windows\explorer.exe
2010-12-23 16:52:07 ----A---- C:\Windows\SysWOW64\wow32.dll
2010-12-23 16:52:07 ----A---- C:\Windows\SysWOW64\user.exe
2010-12-23 16:52:07 ----A---- C:\Windows\SysWOW64\setup16.exe
2010-12-23 16:52:07 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2010-12-23 16:52:07 ----A---- C:\Windows\SysWOW64\instnm.exe
2010-12-23 16:52:06 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-12-23 16:51:59 ----A---- C:\Windows\SysWOW64\webio.dll
2010-12-23 16:51:58 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-12-23 16:51:47 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-12-23 16:51:46 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-12-23 16:51:37 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-12-23 16:51:34 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-12-23 16:51:31 ----A---- C:\Windows\SysWOW64\sspicli.dll
2010-12-23 16:51:31 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-12-23 16:51:26 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-12-23 16:51:26 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-12-23 16:51:23 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-12-23 16:51:22 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-12-23 16:51:21 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-12-23 16:51:18 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-12-23 16:50:31 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-12-23 16:50:31 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-12-23 16:50:30 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-12-23 16:50:29 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-12-23 16:50:29 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-12-23 16:50:29 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-12-23 16:50:29 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-12-23 16:48:30 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-12-23 16:48:28 ----A---- C:\Windows\SysWOW64\cabview.dll
======List of files/folders modified in the last 1 months======
2011-01-05 15:47:33 ----D---- C:\Windows\Temp
2011-01-05 15:47:30 ----RD---- C:\Program Files (x86)
2011-01-05 15:40:14 ----D---- C:\Windows
2011-01-05 15:40:14 ----A---- C:\Windows\system.ini
2011-01-05 15:38:48 ----D---- C:\Windows\SysWOW64\drivers
2011-01-05 15:38:48 ----D---- C:\Windows\SysWOW64
2011-01-05 15:38:48 ----D---- C:\Windows\System32
2011-01-05 15:38:48 ----D---- C:\Windows\AppPatch
2011-01-05 15:38:47 ----D---- C:\Program Files (x86)\Common Files
2011-01-05 15:33:32 ----D---- C:\Windows\Prefetch
2011-01-05 15:32:20 ----SHD---- C:\Windows\Installer
2011-01-05 15:32:16 ----D---- C:\Windows\winsxs
2011-01-05 15:31:52 ----SHD---- C:\System Volume Information
2011-01-05 15:31:52 ----RD---- C:\Program Files
2011-01-05 15:31:52 ----D---- C:\ProgramData
2011-01-05 15:15:13 ----D---- C:\Windows\inf
2010-12-29 14:13:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-25 12:36:05 ----D---- C:\ProgramData\Electronic Arts
2010-12-25 10:09:44 ----D---- C:\Windows\rescache
2010-12-24 19:40:18 ----D---- C:\Windows\Minidump
2010-12-24 16:59:24 ----D---- C:\Program Files (x86)\Electronic Arts
2010-12-24 16:48:51 ----D---- C:\Windows\Microsoft.NET
2010-12-24 16:48:47 ----RSD---- C:\Windows\assembly
2010-12-24 12:41:06 ----D---- C:\Windows\SysWOW64\cs-CZ
2010-12-24 12:41:05 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-24 12:41:03 ----D---- C:\Windows\ehome
2010-12-24 12:41:03 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-24 12:40:56 ----D---- C:\Program Files (x86)\Windows Media Player
2010-12-24 12:40:55 ----D---- C:\Windows\SysWOW64\migration
2010-12-23 18:21:45 ----D---- C:\Windows\SoftwareDistribution
2010-12-23 16:47:39 ----D---- C:\Windows\Logs
2010-12-23 12:02:46 ----SD---- C:\ProgramData\Microsoft
2010-12-18 15:30:29 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
-----------------EOF-----------------

Messages from Facebook
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
NEW!
You can now use the remote-assistance service, where an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Re: Messages from Facebook
Greetings and have a nice day
If you like using ComboFix and helping others so much, why don't you decode its log yourself?
Arbitrary use of CF is forbidden; besides, see the dangers below
Dangers of CF
If you haven't already, move ComboFix to the desktop
It can happen that Windows won't boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

- It is intended primarily for the helpers; by using it on your own you forfeit your claim to support
- It wipes the traces left by the malware, so nothing is visible in the RSIT log
- Its log has to be worked through further, since it cannot delete everything; you can hardly manage that unless you have been trained for it
- CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you
- CF also unfortunately does not yet check some important libraries (e.g. hal.dll); some types of malware (e.g. angela) happen to delete those; it deletes your hal.dll after the restart = your system won't boot and you are one line up = reinstall

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Folder::
c:\program files (x86)\ICQ6Toolbar

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\WORKSTATION\Downloads\facebook-pic00005267.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-

Driver::
ICQ Service

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\users\WORKSTATION\AppData\Roaming\Mozilla\Firefox\Profiles\dmrcdmv5.default\
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FF_5&q=

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
C:\Users\WORKSTATION\Downloads\facebook-pic00005267.exe
- Save the created TXT file as CFScript.txt
- Drag the created CFScript.txt onto Combofix and run it (see the picture below)
- After the script is applied (and after a possible restart) a log will pop up; paste its contents here
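The CFScript above removes, among other things, a value from the firewall's AuthorizedApplications list: the facebook-pic00005267.exe dropper in the Downloads folder had granted itself a firewall exception. The ComboFix log posted later in this thread also shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0). The following is an added, read-only PowerShell check for both of those areas; it is not part of the helper's script, of ComboFix or of this thread. The registry paths are the ones that appear on this page; the "user-writable location" patterns, the function names and the expected UAC defaults (Windows 7 defaults) are this example's own assumptions.

```powershell
# Added example for this thread (not the helper's script, not ComboFix):
# read-only audit of the two registry areas the CFScript and the log touch.
# 1. The legacy Windows Firewall "AuthorizedApplications" list, where the
#    dropper in Downloads had registered its own exception.
# 2. The UAC policy values under Policies\System, which the log shows as
#    EnableLUA=0 / ConsentPromptBehaviorAdmin=0 / PromptOnSecureDesktop=0.
# Nothing is modified; both functions only return report objects.

$FirewallList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumption of this example: a firewall exception for a binary that lives under
# a user profile, Temp or Downloads is unusual enough to deserve a closer look.
$UserWritablePatterns = @('\\Users\\', '\\AppData\\', '\\Temp\\', '\\Downloads\\')

function Get-FirewallExceptionReport {
    if (-not (Test-Path -Path $FirewallList)) {
        Write-Verbose "Legacy list not present: $FirewallList"
        return
    }
    $values = Get-ItemProperty -Path $FirewallList
    foreach ($prop in $values.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
        if ($prop.Name -like 'PS*') { continue }
        $exePath = $prop.Name                       # the value name is the executable path
        $inUserLocation = [bool]($UserWritablePatterns | Where-Object { $exePath -match $_ })
        $fileExists = Test-Path -LiteralPath $exePath -PathType Leaf
        $signature = if ($fileExists) {
            (Get-AuthenticodeSignature -FilePath $exePath).Status   # Valid / NotSigned / ...
        } else { 'FileMissing' }
        [pscustomobject]@{
            Path         = $exePath
            RuleValue    = $prop.Value              # e.g. "<path>:*:Enabled:<name>"
            UserLocation = $inUserLocation
            Signature    = $signature
        }
    }
}

function Get-UacPolicyReport {
    # Windows 7 defaults (assumed here): UAC on, consent prompt for non-Windows
    # binaries, prompts shown on the secure desktop.
    $expected = [ordered]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
    $current = Get-ItemProperty -Path $UacPolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = if ($null -ne $current) { $current.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Actual   = $actual
            Expected = $expected[$name]
            State    = if ($actual -eq $expected[$name]) { 'ok' } else { 'WEAK' }
        }
    }
}

# Show only the exceptions worth a look, then the UAC state.
Get-FirewallExceptionReport | Where-Object { $_.UserLocation -or $_.Signature -ne 'Valid' } | Format-Table -AutoSize
Get-UacPolicyReport | Format-Table -AutoSize
```

Run it from an elevated PowerShell so both keys are readable. An entry flagged UserLocation=True with Signature NotSigned or FileMissing is exactly the pattern the CFScript deletes here; a UAC row marked WEAK means a dropper such as this one could install system-wide without any prompt, which is why the log's EnableLUA=0 is worth turning back on once the machine is clean.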

Re: Messages from Facebook
Sorry, my friend only sent me the logs, I've already explained it to her... Thanks a lot for the help anyway. Here is the log
ComboFix 11-01-04.06 - WORKSTATION 05.01.2011 18:07:00.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2866 [GMT 1:00]
Spuštěný z: c:\users\WORKSTATION\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\WORKSTATION\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\users\WORKSTATION\Downloads\facebook-pic00005267.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\users\WORKSTATION\Downloads\facebook-pic00005267.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-05 do 2011-01-05 )))))))))))))))))))))))))))))))
.
2011-01-05 17:09 . 2011-01-05 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-05 14:47 . 2011-01-05 14:47 -------- d-----w- C:\rsit
2011-01-05 14:47 . 2011-01-05 14:47 -------- d-----w- c:\program files (x86)\trend micro
2011-01-05 14:31 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-05 14:31 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-05 14:31 . 2011-01-05 14:31 -------- d-----w- c:\programdata\Alwil Software
2011-01-05 14:31 . 2011-01-05 14:31 -------- d-----w- c:\program files\Alwil Software
2011-01-04 20:54 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll
2011-01-04 20:54 . 2010-12-27 08:00 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-01-04 20:54 . 2010-12-07 18:40 183808 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-01-04 20:54 . 2010-12-07 18:22 810496 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-01-04 20:54 . 2010-11-03 19:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-01-04 20:54 . 2010-01-17 16:18 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-01-04 20:54 . 2006-10-18 19:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-01-04 20:28 . 2011-01-04 20:50 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\BSplayer
2011-01-04 20:28 . 2011-01-04 20:28 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\BSplayer Pro
2011-01-04 09:04 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06AB5962-5148-409F-B200-AD898F55C022}\mpengine.dll
2010-12-29 13:13 . 2010-12-29 13:13 -------- d-----w- c:\programdata\ICQ
2010-12-29 13:13 . 2011-01-05 17:10 -------- d-----w- c:\users\WORKSTATION\AppData\Roaming\ICQ
2010-12-29 13:13 . 2010-12-29 13:13 -------- d-----w- c:\users\WORKSTATION\AppData\Local\AOL
2010-12-24 15:59 . 2010-12-24 15:59 -------- d-----w- c:\users\WORKSTATION\AppData\Local\Electronic Arts
2010-12-24 11:50 . 2010-12-24 11:50 -------- d-----w- c:\users\WORKSTATION\AppData\Local\Mozilla
2010-12-24 11:40 . 2010-12-24 11:40 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-23 17:29 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-23 17:26 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-23 17:26 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-23 17:26 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-23 17:26 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-23 17:26 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-23 15:52 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2010-12-23 15:51 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-23 15:48 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-23 15:48 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 04:34 . 2010-12-23 15:53 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-10 18:01 . 2010-06-08 15:38 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-10-10 18:01 . 2010-06-08 15:38 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-05_14.40.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-01-05 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-05 17:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-05 14:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-05 17:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-05 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-05 17:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-05 17:10 . 2011-01-05 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-05 14:11 . 2011-01-05 14:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-05 17:10 . 2011-01-05 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-05 14:11 . 2011-01-05 14:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-01-05 14:15 606992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-05 16:52 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-01-05 14:15 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-01-05 16:52 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-01-05 16:52 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-01-05 14:15 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-01-05 14:15 118604 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-01-05 16:52 118604 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\icq\ICQ7.2\ICQ.exe" [2011-01-05 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 62032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF17243.cfxxe" [X]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - d:\slovník\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - d:\slovník\Verdict Free\etnxp.dll
FF - ProfilePath - c:\users\WORKSTATION\AppData\Roaming\Mozilla\Firefox\Profiles\dmrcdmv5.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files (x86)\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2011-01-05 18:12:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-05 17:12
ComboFix2.txt 2011-01-05 14:41
Před spuštěním: Volných bajtů: 20 389 072 896
Po spuštění: Volných bajtů: 19 890 040 832
- - End Of File - - FF0936A52479C7BA6D3B8BCB82E1AF8C
Re: Messages from Facebook
How is the PC behaving, is it still chatting on FB by itself?

Re: Messages from Facebook
FB is back to normal, nobody is complaining to her that she's sending anything out, everything works as it should.... Thanks a lot
Re: Messages from Facebook
So let's clean up
Uninstall Combofix
T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Download Ccleaner (see my signature)
Cleaner panel
And if there are no problems or questions, that's all from my side
You're welcome, glad I could help
See you next time


- Start - Run (or use the keyboard shortcut Win+R)
- Type ComboFix /Uninstall
- Press Enter
- This deletes Combofix and its folders

- Download and run
- To confirm the choice press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn off the antivirus while downloading)

- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC

- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix Issues - I recommend making the registry backup, fix all issues
- repeat the procedure until there are no issues - usually about 3 times
- Here you can uninstall unneeded programs



