
Win32.FraudLoad.edt

Posted: 14 Dec 2010 19:53
by rogerooz
Hello, I would like some advice, please, on how to remove Win32.FraudLoad.edt and Microsoft.WindowsSecurityCenter_Disabled (I found them with SS&D). My Windows version is Windows 7 32-bit, if that matters :)

Re: Win32.FraudLoad.edt

Posted: 14 Dec 2010 20:09
by Rudy
First post a log from RSIT:

Re: Win32.FraudLoad.edt

Posted: 14 Dec 2010 20:15
by rogerooz
If you don't mind, I ran a scan with ComboFix :) Here is the log:
Spuštěný z: c:\users\davcakingos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-14 do 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 19:03 . 2010-12-14 19:04 -------- d-----w- c:\users\davcakingos\AppData\Local\temp
2010-12-14 18:56 . 2010-12-14 18:57 -------- d-----w- C:\32788R22FWJFW
2010-12-14 18:02 . 2010-12-14 18:08 -------- d-----w- c:\users\davcakingos\AppData\Local\MicroVision Applications
2010-12-14 18:02 . 2006-09-21 06:42 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-12-14 18:02 . 2010-12-14 18:02 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-12-14 17:53 . 2010-12-14 17:53 210432 ----a-w- c:\windows\Oducoa.exe
2010-12-14 17:53 . 2010-12-14 17:53 73216 --sha-r- c:\windows\system32\OpenCLN.dll
2010-12-14 13:31 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD45EFA3-C045-4146-AD2C-D977D1E49C47}\mpengine.dll
2010-12-13 12:09 . 2010-12-13 12:09 -------- d-----w- c:\programdata\LightScribe
2010-12-12 23:00 . 2010-12-12 23:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-12-12 12:09 . 2010-12-12 12:09 -------- d-----w- c:\users\davcakingos\AppData\Local\Divinity 2
2010-12-12 12:02 . 2010-12-12 12:02 -------- d-----w- c:\programdata\Divinity 2
2010-12-11 21:38 . 2010-12-11 21:38 -------- d-----w- c:\users\davcakingos\AppData\Local\Two Worlds II
2010-12-11 21:23 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-11 21:23 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-11 21:23 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-11 21:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-11 21:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-11 21:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-11 21:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-11 21:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-09 10:47 . 2010-12-09 10:47 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2010-12-03 20:06 . 2010-12-13 22:16 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-03 20:05 . 2010-12-13 22:16 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-03 20:05 . 2010-12-03 20:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-03 15:07 . 2010-12-03 15:07 -------- d-----w- c:\users\davcakingos\AppData\Local\Ubisoft
2010-12-03 15:05 . 2010-12-03 15:05 -------- d-----w- c:\users\Public\Ubisoft
2010-12-03 15:00 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-03 15:00 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-03 15:00 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-03 14:58 . 2010-12-03 14:58 -------- d-----w- c:\programdata\InstallShield
2010-12-03 14:52 . 2007-04-27 09:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-12-03 14:52 . 2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2010-12-03 14:52 . 2007-04-27 09:12 394184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-12-03 14:52 . 2007-04-27 09:12 29640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2010-12-03 14:52 . 2006-09-10 20:56 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-12-03 14:52 . 2006-09-10 20:56 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2010-12-03 14:52 . 2006-09-10 20:56 992176 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2010-12-02 14:13 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-02 14:13 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-12-02 14:13 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-02 14:13 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-12-02 14:13 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-02 14:13 . 2010-12-02 14:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-02 14:13 . 2010-12-02 14:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-28 17:00 . 2009-07-14 01:15 315904 ----a-w- c:\windows\system32\Difxa2f7.rra
2010-11-28 16:58 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-28 16:58 . 2009-05-22 14:52 167936 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-11-28 16:58 . 2010-11-28 16:58 -------- d-----w- c:\program files\Realtek
2010-11-27 16:51 . 2010-11-27 16:51 -------- d-----w- c:\programdata\Electronic Arts
2010-11-27 16:51 . 2010-11-27 16:51 -------- d-----w- c:\programdata\EA Core
2010-11-27 15:37 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-27 15:37 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-27 15:37 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-27 15:37 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-27 15:36 . 2010-11-27 16:51 -------- d-----w- c:\programdata\Solidshield
2010-11-26 22:05 . 2010-11-26 22:05 -------- d-sh--w- c:\windows\ftpcache
2010-11-23 19:33 . 2010-11-27 10:09 -------- d-----w- c:\users\davcakingos\AppData\Local\Activision
2010-11-19 14:50 . 2010-12-14 18:20 -------- d-----w- c:\program files\Common Files\Akamai
2010-11-19 10:49 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-19 10:49 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-19 10:49 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-19 10:49 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-19 10:49 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-19 10:49 . 2010-11-19 10:49 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-19 10:49 . 2010-11-19 10:49 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-19 01:45 . 2010-11-19 01:45 -------- d-----w- c:\programdata\Badoo
2010-11-18 22:10 . 2010-11-18 22:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-11-18 22:10 . 2010-11-18 22:10 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-16 11:36 . 2010-11-28 16:58 -------- d-----w- c:\windows\LastGood
2010-11-16 11:35 . 2010-11-16 11:35 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 22:16 . 2010-10-17 12:38 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-12 21:25 . 2010-10-09 14:27 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-03 20:06 . 2010-10-09 14:27 22328 ----a-w- c:\users\davcakingos\AppData\Roaming\PnkBstrK.sys
2010-12-03 20:05 . 2010-10-09 14:26 674600 ----a-w- c:\windows\system32\pbsvc.exe
2010-11-10 21:40 . 2010-11-10 21:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-10 04:33 . 2010-10-09 22:42 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-05 22:32 . 2010-11-05 22:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-05 22:32 . 2010-11-05 22:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-30 16:51 . 2010-10-30 16:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-10-30 16:51 . 2010-10-30 16:51 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-21 12:49 . 2010-10-21 12:49 49152 ----a-r- c:\users\davcakingos\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-10-19 20:51 . 2010-10-08 13:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-10-28 13:30 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55 . 2010-10-28 13:30 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55 . 2010-10-28 13:30 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-10-28 13:30 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-10-28 13:30 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-28 13:30 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-10-28 13:30 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-28 13:30 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55 . 2010-10-28 13:30 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-10-28 13:30 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-10-28 13:30 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2010-10-08 14:13 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-08 14:13 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 18:55 . 2010-10-08 14:13 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 10:42 . 2010-10-16 10:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 10:42 . 2010-10-16 10:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:42 . 2010-10-16 10:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:42 . 2010-10-16 10:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-08 16:21 . 2010-10-08 16:21 662 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-10-08 15:12 . 2010-10-08 15:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-08 14:17 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-08 14:17 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-09-16 08:24 . 2010-10-08 13:32 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1583D225-F44B-4BD9-B1E3-6EDA42DCAFF5}\mpengine.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-10-19 36864]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"QFan Help"="d:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]

c:\users\davcakingos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2010-10-10 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\davcakingos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe"
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PWRISOVM.EXE"=d:\program files\PowerISO\PWRISOVM.EXE
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"T Probe"="d:\program files\ASUS\T Probe\TProbe.exe" -b
"TurboV EVO"="d:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz130;cpuz130;c:\users\DAVCAK~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-08 691696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2009-12-28 96896]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\32bit\IOCBIOS.sys [2010-02-03 27312]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-09 22280]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [2007-05-21 21168]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-29 74392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611472170-914919016-1591951789-1000Core.job
- c:\users\davcakingos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 14:04]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611472170-914919016-1591951789-1000UA.job
- c:\users\davcakingos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 14:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\davcakingos\AppData\Roaming\Mozilla\Firefox\Profiles\176niq9g.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - d:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2611472170-914919016-1591951789-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:54,59,15,91,c2,c2,f8,13,0f,af,9d,69,b2,17,ea,a1,53,03,6f,3d,a7,07,bf,
06,c1,16,ac,5e,1d,57,c8,51,e6,d2,6f,74,1d,63,8f,75,2c,7a,fb,68,b4,77,2a,44,\
"??"=hex:ce,70,46,43,bc,32,a0,94,ed,76,8e,e0,0d,4c,af,d5

[HKEY_USERS\S-1-5-21-2611472170-914919016-1591951789-1000\Software\SecuROM\License information*]
"datasecu"=hex:eb,6d,f0,7c,5d,02,1c,ed,39,8a,2b,98,99,c7,6c,da,c7,f4,0e,e3,28,
5a,f8,29,f8,e8,9b,d9,92,07,87,90,c8,6a,cb,76,19,6f,6d,f7,6e,89,5f,82,30,25,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-14 20:05:07
ComboFix-quarantined-files.txt 2010-12-14 19:05

Před spuštěním: 9 521 033 216
Po spuštění: 9 518 194 688

- - End Of File - - 00D7248A7A5A81E77D315A69B8302349
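As an added defender-side example (not part of the thread, and not ComboFix's own logic), a small Python triage script for the "files created" section and the policies\system dump in the log above. The sample lines are constructed copies of entries from this log, and the flagging heuristics (hidden/system attributes on a file, an executable directly in the Windows root, an odd extension in system32, EnableLUA=0) are assumptions chosen to match what the helper later asked to collect.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the ComboFix "files created" layout seen in the thread:
# <created> . <modified> <size or --------> <attrs> <path>
SAMPLE_LOG = r"""
2010-12-14 17:53 . 2010-12-14 17:53 210432 ----a-w- c:\windows\Oducoa.exe
2010-12-14 17:53 . 2010-12-14 17:53 73216 --sha-r- c:\windows\system32\OpenCLN.dll
2010-11-28 17:00 . 2009-07-14 01:15 315904 ----a-w- c:\windows\system32\Difxa2f7.rra
2010-12-14 18:02 . 2006-09-21 06:42 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-12-14 18:02 . 2010-12-14 18:02 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-11-26 22:05 . 2010-11-26 22:05 -------- d-sh--w- c:\windows\ftpcache
"""

# Constructed copy of the UAC policy block from the log (EnableLUA=0 means UAC is off).
SAMPLE_POLICY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
UAC_RE = re.compile(r'^"EnableLUA"=\s*(\d+)', re.M)

# Extensions normally found under system32 (assumed list); anything else there is worth a look.
SYSTEM32_EXPECTED = {".dll", ".exe", ".sys", ".cpl", ".drv", ".ocx", ".mui", ".ax"}


def parse_entries(text):
    """Yield one dict per well-formed log line; headers and separators are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"][0] == "d"   # first attribute column is the directory flag
            e["hidden"] = "h" in e["attrs"]
            e["system"] = "s" in e["attrs"]
            yield e


def triage(text):
    """Return {path: [reasons]} for files that trip the heuristics; directories are ignored."""
    findings = {}
    for e in parse_entries(text):
        if e["is_dir"]:
            continue
        p = PureWindowsPath(e["path"])
        parent = str(p.parent).lower()
        ext = p.suffix.lower()
        reasons = []
        if e["hidden"] or e["system"]:
            reasons.append("hidden/system attribute on a file")
        if parent == r"c:\windows" and ext in {".exe", ".dll", ".sys"}:
            reasons.append("executable dropped directly in the Windows root")
        if parent == r"c:\windows\system32" and ext not in SYSTEM32_EXPECTED:
            reasons.append("non-standard extension in system32")
        if reasons:
            findings[e["path"]] = reasons
    return findings


def uac_disabled(text):
    """True when the policies\\system dump shows EnableLUA set to 0."""
    m = UAC_RE.search(text)
    return m is not None and m.group(1) == "0"


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
    print("UAC disabled:", uac_disabled(SAMPLE_POLICY))
```

Run against the real log the three files flagged are exactly the two Rudy collects plus the hidden OpenCLN.dll, which is the kind of shortlist a helper builds before writing a CFScript.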

Re: Win32.FraudLoad.edt

Posted: 14 Dec 2010 20:28
by Rudy
With respect, you could have crashed your system; be glad that it didn't happen. Why do you think I didn't ask you for it right away? Anyway, let's finish cleaning up:

Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\Oducoa.exe
c:\windows\system32\Difxa2f7.rra

Folder::
c:\program files\Common Files\Akamai
c:\programdata\Badoo
c:\program files\Ask.com

Driver::
Akamai

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.


Re: Win32.FraudLoad.edt

Posted: 14 Dec 2010 20:49
by rogerooz
Well, then I am very glad. I have had virus problems before, and they always instructed me first to use ComboFix to create a log. It's true that I understand almost nothing about this area, so next time I won't do anything on my own in advance and will wait for instructions. Many thanks for the expert help, I'm glad the computer is clean again. :)

Re: Win32.FraudLoad.edt

Posted: 14 Dec 2010 21:59
by Rudy
Please also post the log from the last scan, to be sure that nothing is left.