Hello,
my internet connection has been slow for several days now; please check the log to see whether it might be a virus.
ComboFix 10-12-14.04 - Petr 15.12.2010 8:27.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.3.1250.420.1029.18.3957.2731 [GMT 1:00]
Run from: c:\users\Petr\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.
2015-12-12 15:17 . 2015-12-12 15:17 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2015-12-12 15:16 . 2015-12-12 15:14 574632 ----a-w- c:\windows\SysWow64\msvcp50.dll
2015-12-12 15:15 . 2010-12-12 16:46 -------- d-----w- c:\program files (x86)\F-Secure
2015-12-12 15:09 . 2015-12-12 15:14 -------- d-----w- c:\programdata\fssg
2010-12-15 07:29 . 2010-12-15 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- C:\sh4ldr
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-12-14 12:40 . 2010-12-14 12:40 -------- d-----w- c:\program files (x86)\Enigma Software Group
2010-12-14 12:39 . 2010-12-14 12:56 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-14 11:45 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37CCA0BC-2AC4-44F6-B9A3-8278811192B6}\mpengine.dll
2010-12-12 16:49 . 2010-09-07 15:47 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-12 16:49 . 2010-09-07 15:52 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-12 16:49 . 2010-09-07 15:47 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-12 16:49 . 2010-09-07 15:52 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-12 16:49 . 2010-09-07 15:47 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-12 16:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-12 16:48 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\program files\Alwil Software
2010-12-12 14:58 . 2010-12-12 16:27 -------- d-----w- c:\programdata\f-secure
2010-12-11 14:08 . 2010-12-11 14:08 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-10 11:46 . 2010-12-10 11:47 -------- d-----w- c:\users\Petr\AppData\Roaming\Anti-spyware
2010-12-08 14:58 . 2010-12-08 14:58 -------- d-----w- c:\program files (x86)\GamePark
2010-12-05 18:56 . 2010-12-15 07:20 -------- d-----w- c:\users\AppData
2010-12-05 18:56 . 2010-12-05 18:56 -------- d-----w- c:\program files (x86)\Movier-media
2010-12-05 17:38 . 2010-12-05 17:38 -------- d-----w- c:\program files (x86)\Microsoft Works
2010-12-05 17:35 . 2010-12-05 17:35 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-12-05 17:33 . 2010-12-05 17:33 -------- d-----r- C:\MSOCache
2010-11-24 11:16 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-23 19:18 . 2010-11-23 19:18 34120 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-18 19:02 . 2010-12-08 16:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-18 19:02 . 2010-12-08 16:44 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-11-15 13:22 . 2010-11-15 13:22 -------- d-----w- c:\users\Petr\AppData\Local\Two Worlds II
2010-11-15 13:14 . 2007-10-12 14:14 5081608 ----a-w- c:\windows\system32\d3dx9_36.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 16:44 . 2010-08-01 18:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-08 15:06 . 2010-07-31 10:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-19 09:41 . 2010-07-30 12:30 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 22:53 . 2010-09-27 22:53 3124 ----a-w- c:\users\Petr\wxDA7E5.tmp
2010-09-27 21:57 . 2010-09-27 21:57 2316 ----a-w- c:\users\Petr\wxD5F83.tmp
2010-09-27 21:57 . 2010-09-27 21:57 54 ----a-w- c:\users\Petr\wxD15C4.tmp
2010-09-27 21:57 . 2010-09-27 21:57 31 ----a-w- c:\users\Petr\wxD15C5.tmp
2010-09-27 21:57 . 2010-09-27 21:57 29 ----a-w- c:\users\Petr\wxD15D7.tmp
2010-09-27 21:57 . 2010-09-27 21:57 29 ----a-w- c:\users\Petr\wxD15D6.tmp
2010-09-27 21:57 . 2010-09-27 21:57 2348 ----a-w- c:\users\Petr\wxD15C3.tmp
2010-09-27 21:55 . 2010-09-27 21:55 1007 ----a-w- c:\users\Petr\wxDFF2B.tmp
2010-09-27 20:46 . 2010-09-27 20:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-27 20:46 . 2010-09-27 20:46 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-15_07.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 02:34 . 2010-12-15 07:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2010-12-14 13:41 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-03-09 10:06 2355224 ----a-w- c:\program files (x86)\Movier-media\tbMovi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"uTorrent"="c:\users\Petr\Desktop\utorrent.exe" [2010-10-14 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1255736]
R3 X6va002;X6va002;c:\users\Petr\AppData\Local\Temp\00248C9.tmp [x]
R3 X6va003;X6va003;c:\users\Petr\AppData\Local\Temp\003CB6B.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-30 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
.
Contents of the 'Scheduled Tasks' folder
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 17:23]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 17:23]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-16 8114720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: ????3?? - c:\users\Petr\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Petr\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{CE10BF86-DA68-441E-91FA-38336363E3CD} - (no file)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Petr\AppData\Local\Temp\00248C9.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Petr\AppData\Local\Temp\003CB6B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\Petr\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\Petr\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\SecuROM\License information*]
"datasecu"=hex:86,db,95,18,f9,03,48,41,fc,97,f2,25,1a,de,0c,cd,14,4f,fc,cd,1e,
9c,22,d4,b2,45,72,88,f6,a5,b3,90,11,bd,29,97,f7,ce,5a,14,ac,c9,ff,b7,aa,98,\
"rkeysecu"=hex:fa,f1,6a,d4,43,5c,8e,72,8a,6a,02,82,58,4c,bd,6d
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000_Classes\Wow6432Node\CLSID\{18f22bbf-b0ec-4f4f-b297-a4808d4114e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f3
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,99,fb,1d,e9,47,3d,8f,19,74,76,95,e5,7e,99,\
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):68,31,1a,04,94,8b,3d,7e,a5,6f,8b,c3,74,f5,68,61,9a,2c,4d,0b,95,
d9,9f,9f,b6,e9,69,41,8a,a2,3a,98,46,ad,81,01,50,25,f3,f0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-15 08:31:03
ComboFix-quarantined-files.txt 2010-12-15 07:31
ComboFix2.txt 2010-12-15 07:20
Pre-Run: 20,653,854,720 bytes free
Post-Run: 20,588,810,240 bytes free
- - End Of File - - FD7408B670B1C2AF10E968D80A90139F

Please check my log
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119430
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Open Notepad and copy the following into it:

Collect::
c:\users\Petr\wxDA7E5.tmp
c:\users\Petr\wxD5F83.tmp
c:\users\Petr\wxD15C4.tmp
c:\users\Petr\wxD15C5.tmp
c:\users\Petr\wxD15D7.tmp
c:\users\Petr\wxD15D6.tmp
c:\users\Petr\wxD15C3.tmp
c:\users\Petr\wxDFF2B.tmp
c:\users\Petr\AppData\Local\Temp\00248C9.tmp
c:\users\Petr\AppData\Local\Temp\003CB6B.tmp
Driver::
X6va002
X6va003

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may also damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
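The checks behind the script above can be automated. The following is an added example, not code from the thread and not part of ComboFix or any of its tooling: a Python triage script that reads lines in ComboFix's own format and flags the four things a reviewer of this log looks for first: services whose image path sits in a Temp directory (the X6va00x entries), .tmp files lying in the profile root (the wx*.tmp files), file entries whose creation date is later than the log's own date, and IE search settings pointing away from a short list of expected search domains. From the first two it emits a CFScript in the same Collect::/Driver:: form Rudy used; the other two are reported only. The sample lines are constructed from the log formats seen above, and the Temp-directory markers, the search-domain allowlist and the rule names are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample in ComboFix's line formats (header, "files created" lines,
# service lines, IE settings), modelled on the entries discussed in the thread.
SAMPLE_LOG = r"""
ComboFix 10-12-14.04 - Petr 15.12.2010 8:27.2.4 - x64
2015-12-12 15:17 . 2015-12-12 15:17 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2010-12-12 16:49 . 2010-09-07 15:47 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-27 22:53 . 2010-09-27 22:53 3124 ----a-w- c:\users\Petr\wxDA7E5.tmp
R3 X6va002;X6va002;c:\users\Petr\AppData\Local\Temp\00248C9.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
uDefault_Search_URL = hxxp://search.qip.ru
uStart Page = hxxp://www.google.com/
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{2})\.(\d{2})\.(\d{4}) ")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                     r" +(?:\d+|-+) +(\S{8}) +(.+)$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
IE_RE = re.compile(r"^([um])(\w[\w ]*?) = (.+)$")
# Temp files dropped straight into a profile root, e.g. c:\users\<name>\wxDA7E5.tmp
PROFILE_TMP_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.tmp$")

# Assumptions for illustration: directories a service should never load from,
# the IE settings that select a search provider, and hosts treated as expected.
TEMP_DIR_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
SEARCH_SETTINGS = {"Default_Search_URL", "SearchAssistant", "SearchURL", "CustomizeSearch"}
KNOWN_SEARCH_DOMAINS = ("google.com", "bing.com", "microsoft.com", "live.com")


def parse_log(text):
    """Split a ComboFix log into the record types the triage rules use."""
    log_date, files, services, ie_settings = None, [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            day, month, year = (int(g) for g in m.groups())
            log_date = date(year, month, day)
        elif m := FILE_RE.match(line):
            files.append({"created": date.fromisoformat(m.group(1)),
                          "attrs": m.group(2), "path": m.group(3)})
        elif m := SERVICE_RE.match(line):
            services.append({"name": m.group(2), "path": m.group(4), "stamp": m.group(5)})
        elif m := IE_RE.match(line):
            ie_settings.append({"scope": m.group(1), "name": m.group(2), "value": m.group(3)})
    return log_date, files, services, ie_settings


def host_of(value):
    """Host part of a URL as ComboFix prints it (http is defanged to hxxp)."""
    m = re.match(r"^h\w\wps?://([^/:]+)", value.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def triage(log_date, files, services, ie_settings):
    """Return (rule, subject, detail) findings for entries that need attention."""
    findings = []
    for svc in services:
        if any(marker in svc["path"].lower() for marker in TEMP_DIR_MARKERS):
            findings.append(("service_from_temp", svc["name"], svc["path"]))
    for f in files:
        if log_date and f["created"] > log_date:
            # Created after the log itself: clock skew or a tampered timestamp.
            # Worth a look, but on its own not grounds for deletion.
            findings.append(("future_timestamp", f["path"], f["created"].isoformat()))
        if PROFILE_TMP_RE.match(f["path"].lower()):
            findings.append(("tmp_in_profile_root", f["path"], f["attrs"]))
    for s in ie_settings:
        host = host_of(s["value"]) if s["name"] in SEARCH_SETTINGS else None
        if host and not any(host == d or host.endswith("." + d) for d in KNOWN_SEARCH_DOMAINS):
            findings.append(("search_provider_changed", host, s["scope"] + s["name"]))
    return findings


def build_cfscript(findings):
    """Render the actionable findings in the Collect::/Driver:: form used in the thread.

    Only profile-root temp files and Temp-loaded services are acted on; the
    future-dated files and search redirects are left for a human to judge.
    """
    collect = [subject for rule, subject, _ in findings if rule == "tmp_in_profile_root"]
    collect += [detail for rule, _, detail in findings if rule == "service_from_temp"]
    drivers = [subject for rule, subject, _ in findings if rule == "service_from_temp"]
    return "\n".join(["Collect::", *collect, "Driver::", *drivers]) + "\n"


def run(text=SAMPLE_LOG):
    findings = triage(*parse_log(text))
    return findings, build_cfscript(findings)


if __name__ == "__main__":
    found, script = run()
    for rule, subject, detail in found:
        print(f"{rule:24} {subject}  ({detail})")
    print(script)
```

On the sample the script flags X6va002 (image path under the user's Temp), wxDA7E5.tmp (temp file in the profile root), fsbts.sys (created in 2015 in a log dated 2010) and search.qip.ru as the search provider, and the generated CFScript contains only the first two. That split is deliberate: a search redirect is removed by uninstalling the toolbar that set it, and a future-dated file most often means a wrong clock on the machine that built the installer, so neither belongs in an automatic delete list.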
Re: Please check my log
It didn't fix the internet problem; here is the log. Maybe the problem is on the provider's side...
ComboFix 10-12-14.04 - Petr 15.12.2010 19:57:51.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.3.1250.420.1029.18.3957.2350 [GMT 1:00]
Run from: c:\users\Petr\Desktop\ComboFix.exe
Command switches used :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Petr\wxD15C3.tmp
c:\users\Petr\wxD15C4.tmp
c:\users\Petr\wxD15C5.tmp
c:\users\Petr\wxD15D6.tmp
c:\users\Petr\wxD15D7.tmp
c:\users\Petr\wxD5F83.tmp
c:\users\Petr\wxDA7E5.tmp
c:\users\Petr\wxDFF2B.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_X6VA002
-------\Legacy_X6VA003
-------\Service_X6va002
-------\Service_X6va003
((((((((((((((((((((((((( Files created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.
2015-12-12 15:17 . 2015-12-12 15:17 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2015-12-12 15:16 . 2015-12-12 15:14 574632 ----a-w- c:\windows\SysWow64\msvcp50.dll
2015-12-12 15:15 . 2010-12-12 16:46 -------- d-----w- c:\program files (x86)\F-Secure
2015-12-12 15:09 . 2015-12-12 15:14 -------- d-----w- c:\programdata\fssg
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- C:\sh4ldr
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-12-14 12:40 . 2010-12-14 12:40 -------- d-----w- c:\program files (x86)\Enigma Software Group
2010-12-14 12:39 . 2010-12-14 12:56 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-14 11:45 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37CCA0BC-2AC4-44F6-B9A3-8278811192B6}\mpengine.dll
2010-12-12 16:49 . 2010-09-07 15:47 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-12 16:49 . 2010-09-07 15:52 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-12 16:49 . 2010-09-07 15:47 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-12 16:49 . 2010-09-07 15:52 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-12 16:49 . 2010-09-07 15:47 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-12 16:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-12 16:48 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\program files\Alwil Software
2010-12-12 14:58 . 2010-12-12 16:27 -------- d-----w- c:\programdata\f-secure
2010-12-11 14:08 . 2010-12-11 14:08 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-10 11:46 . 2010-12-10 11:47 -------- d-----w- c:\users\Petr\AppData\Roaming\Anti-spyware
2010-12-08 14:58 . 2010-12-08 14:58 -------- d-----w- c:\program files (x86)\GamePark
2010-12-05 18:56 . 2010-12-15 07:20 -------- d-----w- c:\users\AppData
2010-12-05 18:56 . 2010-12-05 18:56 -------- d-----w- c:\program files (x86)\Movier-media
2010-12-05 17:38 . 2010-12-05 17:38 -------- d-----w- c:\program files (x86)\Microsoft Works
2010-12-05 17:35 . 2010-12-05 17:35 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-12-05 17:33 . 2010-12-05 17:33 -------- d-----r- C:\MSOCache
2010-11-24 11:16 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-23 19:18 . 2010-11-23 19:18 34120 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-18 19:02 . 2010-12-08 16:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-18 19:02 . 2010-12-08 16:44 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 16:44 . 2010-08-01 18:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-08 15:06 . 2010-07-31 10:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-19 09:41 . 2010-07-30 12:30 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 20:46 . 2010-09-27 20:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-27 20:46 . 2010-09-27 20:46 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-15_07.19.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-15 06:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-15 06:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-15 06:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 19:03 . 2010-12-15 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-15 06:40 . 2010-12-15 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-15 19:03 . 2010-12-15 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-15 06:40 . 2010-12-15 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2010-12-15 00:41 444564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2010-12-15 19:02 444564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-30 16:10 . 2010-12-07 07:19 6389548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-12288.dat
+ 2010-08-30 16:10 . 2010-12-15 19:02 6389548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-12288.dat
+ 2009-07-14 02:34 . 2010-12-15 08:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2010-12-14 13:41 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2010-07-30 12:41 . 2010-12-15 00:41 21113332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-8192.dat
+ 2010-07-30 12:41 . 2010-12-15 19:02 21113332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-03-09 10:06 2355224 ----a-w- c:\program files (x86)\Movier-media\tbMovi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"uTorrent"="c:\users\Petr\Desktop\utorrent.exe" [2010-10-14 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
ComboFix 10-12-14.04 - Petr 15.12.2010 19:57:51.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.3.1250.420.1029.18.3957.2350 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Petr\wxD15C3.tmp
c:\users\Petr\wxD15C4.tmp
c:\users\Petr\wxD15C5.tmp
c:\users\Petr\wxD15D6.tmp
c:\users\Petr\wxD15D7.tmp
c:\users\Petr\wxD5F83.tmp
c:\users\Petr\wxDA7E5.tmp
c:\users\Petr\wxDFF2B.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_X6VA002
-------\Legacy_X6VA003
-------\Service_X6va002
-------\Service_X6va003
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.
2015-12-12 15:17 . 2015-12-12 15:17 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2015-12-12 15:16 . 2015-12-12 15:14 574632 ----a-w- c:\windows\SysWow64\msvcp50.dll
2015-12-12 15:15 . 2010-12-12 16:46 -------- d-----w- c:\program files (x86)\F-Secure
2015-12-12 15:09 . 2015-12-12 15:14 -------- d-----w- c:\programdata\fssg
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-14 13:00 . 2010-12-14 13:00 110080 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- C:\sh4ldr
2010-12-14 13:00 . 2010-12-14 13:00 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-12-14 12:40 . 2010-12-14 12:40 -------- d-----w- c:\program files (x86)\Enigma Software Group
2010-12-14 12:39 . 2010-12-14 12:56 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-14 11:45 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37CCA0BC-2AC4-44F6-B9A3-8278811192B6}\mpengine.dll
2010-12-12 16:49 . 2010-09-07 15:47 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-12 16:49 . 2010-09-07 15:52 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-12 16:49 . 2010-09-07 15:47 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-12 16:49 . 2010-09-07 15:52 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-12 16:49 . 2010-09-07 15:47 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-12 16:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-12 16:48 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-12 16:48 . 2010-12-12 16:48 -------- d-----w- c:\program files\Alwil Software
2010-12-12 14:58 . 2010-12-12 16:27 -------- d-----w- c:\programdata\f-secure
2010-12-11 14:08 . 2010-12-11 14:08 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-10 11:46 . 2010-12-10 11:47 -------- d-----w- c:\users\Petr\AppData\Roaming\Anti-spyware
2010-12-08 14:58 . 2010-12-08 14:58 -------- d-----w- c:\program files (x86)\GamePark
2010-12-05 18:56 . 2010-12-15 07:20 -------- d-----w- c:\users\AppData
2010-12-05 18:56 . 2010-12-05 18:56 -------- d-----w- c:\program files (x86)\Movier-media
2010-12-05 17:38 . 2010-12-05 17:38 -------- d-----w- c:\program files (x86)\Microsoft Works
2010-12-05 17:35 . 2010-12-05 17:35 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-12-05 17:33 . 2010-12-05 17:33 -------- d-----r- C:\MSOCache
2010-11-24 11:16 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-23 19:18 . 2010-11-23 19:18 34120 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-18 19:02 . 2010-12-08 16:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-18 19:02 . 2010-12-08 16:44 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 16:44 . 2010-08-01 18:44 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-08 15:06 . 2010-07-31 10:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-19 09:41 . 2010-07-30 12:30 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 20:46 . 2010-09-27 20:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-27 20:46 . 2010-09-27 20:46 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-15_07.19.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-15 06:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-15 06:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-15 06:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-15 19:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 19:03 . 2010-12-15 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-15 06:40 . 2010-12-15 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-15 19:03 . 2010-12-15 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-15 06:40 . 2010-12-15 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2010-12-15 00:41 444564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2010-12-15 19:02 444564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-30 16:10 . 2010-12-07 07:19 6389548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-12288.dat
+ 2010-08-30 16:10 . 2010-12-15 19:02 6389548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-12288.dat
+ 2009-07-14 02:34 . 2010-12-15 08:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2010-12-14 13:41 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2010-07-30 12:41 . 2010-12-15 00:41 21113332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-8192.dat
+ 2010-07-30 12:41 . 2010-12-15 19:02 21113332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-582365400-1332531107-906953223-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-03-09 10:06 2355224 ----a-w- c:\program files (x86)\Movier-media\tbMovi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files (x86)\Movier-media\tbMovi.dll" [2010-03-09 2355224]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"uTorrent"="c:\users\Petr\Desktop\utorrent.exe" [2010-10-14 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-30 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 17:23]
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 17:23]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12168.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-16 8114720]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: ????3?? - c:\users\Petr\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Petr\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{CE10BF86-DA68-441E-91FA-38336363E3CD} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\Petr\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\Petr\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000\Software\SecuROM\License information*]
"datasecu"=hex:86,db,95,18,f9,03,48,41,fc,97,f2,25,1a,de,0c,cd,14,4f,fc,cd,1e,
9c,22,d4,b2,45,72,88,f6,a5,b3,90,11,bd,29,97,f7,ce,5a,14,ac,c9,ff,b7,aa,98,\
"rkeysecu"=hex:fa,f1,6a,d4,43,5c,8e,72,8a,6a,02,82,58,4c,bd,6d
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000_Classes\Wow6432Node\CLSID\{18f22bbf-b0ec-4f4f-b297-a4808d4114e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f3
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,99,fb,1d,e9,47,3d,8f,19,74,76,95,e5,7e,99,\
[HKEY_USERS\S-1-5-21-582365400-1332531107-906953223-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):68,31,1a,04,94,8b,3d,7e,a5,6f,8b,c3,74,f5,68,61,9a,2c,4d,0b,95,
d9,9f,9f,b6,e9,69,41,8a,a2,3a,98,46,ad,81,01,50,25,f3,f0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2010-12-15 20:06:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-15 19:06
ComboFix2.txt 2010-12-15 07:31
ComboFix3.txt 2010-12-15 07:20
Před spuštěním: Volných bajtů: 19 658 043 392
Po spuštění: Volných bajtů: 19 400 679 424
- - End Of File - - 8BD9D72A98D18525BE111F071D893424
- Rudy
- Site Admin
- Posts: 119430
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
The PC is now clean as far as viruses are concerned. Unless you happen to be under a FUP, also try:
1. Restart the modem, or any other network element in the data path.
2. Reset the TCP/IP stack: Start menu - type the following into the command prompt:
netsh int ip reset
Press >Enter< and restart the PC.
If none of the above helps, contact your provider.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check my log
None of this helped. I called the provider and they told me it looks as if I were constantly downloading something, but the problem is that I'm not downloading anything. I can't explain it other than that I still have something on there somewhere.
- Rudy
- Site Admin
- Posts: 119430
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
OK. Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.