Virus Neshta.a kontrola logu

Zpráva

stanta · #1 Příspěvek od **stanta** » 14 bře 2011 10:38

Zdravím, mám problémy s Virus.Win32.Neshta.a. Byla by nějaká rada jak se ho zbavit. Zde je výpis z logu.

ComboFix 11-03-12.01 - Štanta 13.03.2011 20:07:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4092.2716 [GMT 1:00]
Spuštěný z: c:\users\Štanta\Desktop\abraka.com
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GameSpy Arcade\UNWISE.EXE
c:\windows\directx.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-13 do 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 19:13 . 2011-03-13 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 10:08 . 2010-07-01 20:34 109240 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-03-13 10:08 . 2010-07-01 20:35 150200 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-03-13 10:06 . 2011-03-13 19:05 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-13 10:06 . 2011-03-13 10:06 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-03-13 10:04 . 2011-03-13 10:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-13 09:58 . 2011-03-13 09:58 -------- d-----w- c:\program files\CCleaner
2011-03-11 20:07 . 2011-03-11 20:07 -------- d-----w- c:\programdata\CentrumczToolbar
2011-03-11 20:07 . 2011-03-11 20:16 -------- d-----w- c:\program files (x86)\CentrumczToolbar
2011-03-11 16:55 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{290A89B7-A61D-4174-BFAE-E2AA435317BF}\mpengine.dll
2011-03-10 20:17 . 2011-03-13 11:55 -------- d-----w- c:\program files (x86)\7-Zip
2011-03-09 12:50 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 12:50 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 12:50 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 12:50 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-02-23 20:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 20:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-23 14:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 14:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 14:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 14:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-19 11:57 . 2011-02-19 11:57 -------- d-----w- C:\kav
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 17:45 . 2010-02-06 10:52 99384 ----a-w- c:\users\Štanta\AppData\Roaming\inst.exe
2011-03-13 17:45 . 2010-02-06 10:52 99384 ----a-w- c:\users\Štanta\AppData\Roaming\inst.exe
2011-03-11 17:15 . 2010-05-24 21:37 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-11 17:15 . 2010-05-24 21:37 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-02-02 16:11 . 2010-01-06 14:24 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-10 05:55 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-10 05:55 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-10 05:55 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-14 07:30 . 2010-03-14 10:16 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-10 18:03 . 2011-01-10 18:03 335288 ----a-w- c:\windows\system32\drivers\acedrv11.sys
2011-01-07 08:06 . 2011-02-10 05:54 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-10 05:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-10 05:54 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-10 05:54 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-10 06:03 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-10 06:03 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-10 05:55 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 06:16 . 2011-02-10 06:04 62976 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-10 06:04 97280 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-10 05:55 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-10 06:04 442880 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-10 06:04 1197056 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-10 06:04 258048 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-10 06:04 264192 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-10 06:04 15360 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-10 06:04 2003968 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-10 06:04 1880576 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-10 06:04 100864 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-10 06:04 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-10 06:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-10 06:04 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-10 06:04 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-10 06:04 204288 ----a-w- c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-10 06:04 14336 ----a-w- c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-10 06:04 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-10 06:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-10 06:04 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
2010-12-18 06:11 . 2011-02-10 06:25 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-10 05:56 714752 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-10 06:25 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-10 05:56 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-10 06:25 482816 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-10 06:25 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-10 06:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-10 06:25 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]
"NBCore"="c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2011-03-13 1598760]
"QIP Internet Guardian"="c:\users\Štanta\AppData\Roaming\QipGuard\QipGuard.exe" [2010-04-12 184272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-03-13 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-13 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nokia FastStart"="c:\program files (x86)\Nokia\Nokia Music\NokiaMusic.exe" [2011-03-13 2376992]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-03-13 417792]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-03-13 352976]
.
c:\users\ćtanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 171520]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Download all by FlashGet3 - c:\users\Štanta\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Štanta\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
Trusted Zone: kuaiche.com\software
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\progra~2\CENTRU~1\IEToolbar.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-FlashGet 3.3 - c:\program files (x86)\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-FormatFactory - c:\program files (x86)\FreeTime\FormatFactory\uninst.exe
AddRemove-GameSpy Arcade - c:\progra~2\GAMESP~1\UNWISE.EXE
AddRemove-ProtectDisc Driver 11 - c:\program files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
AddRemove-Stanza - c:\program files (x86)\Stanza\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3849147831-994584589-3576205907-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,73,20,8f,57,39,07,2b,00,a2,8f,88,13,76,95,5d,f5,fb,fc,56,2e,77,41,
e7,a3,05,dc,4f,82,2e,09,71,f9,43,a7,7f,c5,d5,9b,5d,5b,0b,9e,4c,99,2e,96,17,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
[HKEY_USERS\S-1-5-21-3849147831-994584589-3576205907-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,7f,8e,50,94,f3,b5,54,9a,64,9d,df,30,43,9b,5c,64,f3,cf,c7,1a,
14,4a,d1,7a,e9,af,fc,23,70,5a,96,27,57,56,93,6d,23,a8,40,dd,15,61,3b,04,e6,\
"rkeysecu"=hex:f2,57,1d,97,ba,ce,87,2e,b6,d7,b4,11,0f,09,ae,b1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-03-13 20:15:40
ComboFix-quarantined-files.txt 2011-03-13 19:15
.
Před spuštěním: Volných bajtů: 33 203 240 960
Po spuštění: Volných bajtů: 33 096 527 872
.
- - End Of File - - 774BC080B92C6203E553A0742C72069B

#2 Příspěvek od **Rudy** » 14 bře 2011 17:44

CF smazal 2 infikované položky. Zbytek logu vypadá OK. V kterém souboru by měl virus být?

stanta · #3 Příspěvek od **stanta** » 15 bře 2011 19:10

Díky moc za radu, zatím to vypadá v pohodě. Projel jsem pc rychloscanem a nic se nenašlo, zítra až budu mít čas tak necham projet pořádně celý pc.

#4 Příspěvek od **Rudy** » 15 bře 2011 19:22

OK, nemáte zač!

stanta · #5 Příspěvek od **stanta** » 16 bře 2011 21:02

Tak to vypadá ok, mockrát děkuju za pomoc.

#6 Příspěvek od **Rudy** » 16 bře 2011 21:20

Rádo se stalo!

VIRY.CZ

Virus Neshta.a kontrola logu

Virus Neshta.a kontrola logu

Re: Virus Neshta.a kontrola logu

Re: Virus Neshta.a kontrola logu

Re: Virus Neshta.a kontrola logu

Re: Virus Neshta.a kontrola logu

Re: Virus Neshta.a kontrola logu