Security Center not working, Win7 32-bit

#1 Post by Bizzaro »

Hello, I have a problem with the Windows Security Center.
I was downloading a program when windows started popping up in IE8, which I don't use, and the Action Center started reporting that the Security Center is turned off, even though I would swear I keep it on all the time and never turn it off. When I scanned the computer with NOD, it found three files, but they had nothing to do with this. Please help me.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Flame at 2011-04-30 11:53:15
Microsoft Windows 7 Ultimate
System drive C: has 274 GB (90%) free of 305 GB
Total RAM: 1979 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:52, on 30.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flame\Downloads\RSIT.exe
C:\Program Files\trend micro\Flame.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Flame\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\RunOnce: [5f5de7b] wscript /B C:\Windows\TEMP\5f5de7b.vbs
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GHWAUC6NNZ] C:\Users\Flame\AppData\Local\Temp\Tdv.exe
O4 - HKCU\..\Run: [UserHost] C:\Users\Flame\AppData\Roaming\svchost.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 9281 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001UA.job
C:\Windows\tasks\Yxgdtix.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Flame\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-12-13 48512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-18 2219184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-10 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-10 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-10 151064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2010-03-23 495708]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"5f5de7b"=wscript /B C:\Windows\TEMP\5f5de7b.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-30 399736]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Google Update"=C:\Users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
"GHWAUC6NNZ"=C:\Users\Flame\AppData\Local\Temp\Tdv.exe [2011-04-30 171520]
"UserHost"=C:\Users\Flame\AppData\Roaming\svchost.exe [2011-04-30 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe [2011-01-07 233936]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-27 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-30 11:53:16 ----D---- C:\Program Files\trend micro
2011-04-30 11:53:15 ----D---- C:\rsit
2011-04-30 10:44:42 ----A---- C:\Users\Flame\AppData\Roaming\svchost.exe
2011-04-30 10:44:14 ----A---- C:\Windows\Tgovaa.exe
2011-04-30 10:44:06 ----RASH---- C:\Windows\system32\C_21027L.dll
2011-04-27 18:26:32 ----D---- C:\Windows\Minidump
2011-04-26 21:57:55 ----D---- C:\Program Files\Valve
2011-04-26 11:44:18 ----D---- C:\Users\Flame\AppData\Roaming\Telefónica Móviles
2011-04-26 11:42:40 ----A---- C:\Windows\system32\drivers\ewusbnet.sys
2011-04-26 11:42:40 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2011-04-26 11:42:40 ----A---- C:\Windows\system32\drivers\ewusbdev.sys
2011-04-26 11:42:40 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2011-04-26 11:42:21 ----D---- C:\Program Files\O2
2011-04-20 15:02:57 ----A---- C:\Windows\system32\TURegOpt.exe
2011-04-20 15:02:51 ----A---- C:\Windows\system32\uxtuneup.dll
2011-04-20 15:02:51 ----A---- C:\Windows\system32\authuitu.dll
2011-04-20 15:02:26 ----D---- C:\Users\Flame\AppData\Roaming\TuneUp Software
2011-04-20 15:02:09 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-04-20 15:01:46 ----D---- C:\ProgramData\TuneUp Software
2011-04-20 15:01:36 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-20 11:22:38 ----D---- C:\Program Files\ComicRack
2011-04-19 20:45:07 ----D---- C:\Program Files\CyberLink
2011-04-15 00:49:10 ----D---- C:\Program Files\DAEMON Tools Lite
2011-04-14 23:57:58 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 23:57:58 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 23:57:55 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 23:57:54 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 23:57:54 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-14 23:57:41 ----A---- C:\Windows\system32\mshtml.dll
2011-04-14 23:57:38 ----A---- C:\Windows\system32\ieframe.dll
2011-04-14 23:57:35 ----A---- C:\Windows\system32\urlmon.dll
2011-04-14 23:57:29 ----A---- C:\Windows\system32\wininet.dll
2011-04-14 23:57:29 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-14 23:57:28 ----A---- C:\Windows\system32\mstime.dll
2011-04-14 23:57:28 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-14 23:57:28 ----A---- C:\Windows\system32\ieui.dll
2011-04-14 23:57:27 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-14 23:57:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-14 23:57:27 ----A---- C:\Windows\system32\iertutil.dll
2011-04-14 23:57:27 ----A---- C:\Windows\system32\iepeers.dll
2011-04-14 23:57:26 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-14 23:57:26 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-14 23:57:26 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-14 23:57:21 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 23:57:19 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-14 23:57:17 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-14 23:57:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-14 23:57:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-14 23:57:15 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-14 23:57:11 ----A---- C:\Windows\system32\jscript.dll
2011-04-14 23:57:10 ----A---- C:\Windows\system32\vbscript.dll
2011-04-14 23:57:07 ----A---- C:\Windows\system32\EncDec.dll
2011-04-14 23:57:07 ----A---- C:\Windows\system32\CPFilters.dll
2011-04-14 23:57:06 ----A---- C:\Windows\system32\sbe.dll
2011-04-14 23:57:02 ----A---- C:\Windows\system32\mstscax.dll
2011-04-14 23:57:02 ----A---- C:\Windows\system32\mstsc.exe
2011-04-14 23:56:28 ----D---- C:\Program Files\Common Files\Java
2011-04-14 23:56:06 ----A---- C:\Windows\system32\javaws.exe
2011-04-14 23:56:06 ----A---- C:\Windows\system32\javaw.exe
2011-04-14 23:56:06 ----A---- C:\Windows\system32\java.exe
2011-04-14 23:55:56 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 23:55:55 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 23:52:53 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-14 23:52:53 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-14 23:52:53 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-14 23:52:53 ----A---- C:\Windows\system32\drivers\bowser.sys

======List of files/folders modified in the last 1 months======

2011-04-30 11:53:30 ----D---- C:\Windows\Temp
2011-04-30 11:53:16 ----RD---- C:\Program Files
2011-04-30 11:51:01 ----D---- C:\Users\Flame\AppData\Roaming\uTorrent
2011-04-30 11:43:53 ----D---- C:\Windows\system32\config
2011-04-30 11:40:23 ----D---- C:\Windows
2011-04-30 11:26:53 ----D---- C:\Windows\Prefetch
2011-04-30 11:21:02 ----D---- C:\Windows\Tasks
2011-04-30 11:16:30 ----D---- C:\Windows\system32\Tasks
2011-04-30 10:44:06 ----D---- C:\Windows\System32
2011-04-29 07:24:01 ----D---- C:\Windows\inf
2011-04-29 07:24:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-29 01:35:34 ----SHD---- C:\System Volume Information
2011-04-27 21:32:47 ----D---- C:\Users\Flame\AppData\Roaming\Skype
2011-04-27 20:30:06 ----D---- C:\Users\Flame\AppData\Roaming\skypePM
2011-04-27 13:58:29 ----D---- C:\Program Files\Microsoft Games
2011-04-27 10:39:12 ----SD---- C:\Users\Flame\AppData\Roaming\Microsoft
2011-04-27 09:50:58 ----D---- C:\Windows\system32\wdi
2011-04-26 21:20:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-26 11:44:38 ----D---- C:\Windows\ModemLogs
2011-04-26 11:42:40 ----D---- C:\Windows\system32\drivers
2011-04-26 11:42:39 ----D---- C:\Windows\system32\DriverStore
2011-04-26 11:42:39 ----D---- C:\Windows\system32\catroot
2011-04-23 17:36:18 ----D---- C:\Program Files\LucasArts
2011-04-22 07:48:59 ----SHD---- C:\Windows\Installer
2011-04-22 06:45:29 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-22 06:45:25 ----D---- C:\Program Files\Google
2011-04-20 15:01:46 ----HD---- C:\ProgramData
2011-04-20 11:46:40 ----D---- C:\STUDIJNÍ MATERIÁLY
2011-04-20 11:23:31 ----RSD---- C:\Windows\assembly
2011-04-19 19:02:54 ----D---- C:\Windows\SoftwareDistribution
2011-04-19 18:55:54 ----D---- C:\ProgramData\Google
2011-04-18 15:46:44 ----A---- C:\Windows\system32\MRT.exe
2011-04-15 07:26:40 ----D---- C:\Windows\Microsoft.NET
2011-04-15 00:44:34 ----D---- C:\Windows\winsxs
2011-04-15 00:42:48 ----D---- C:\Windows\system32\migration
2011-04-15 00:42:48 ----D---- C:\Program Files\Internet Explorer
2011-04-15 00:10:46 ----D---- C:\Windows\system32\catroot2
2011-04-15 00:10:33 ----D---- C:\ProgramData\Microsoft Help
2011-04-15 00:07:57 ----D---- C:\Windows\debug
2011-04-14 23:56:28 ----D---- C:\Program Files\Common Files
2011-04-14 23:55:56 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-01-08 431672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-22 1172992]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-08-02 29168]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 5946368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2010-03-23 423424]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 anaa3azx;anaa3azx; C:\Windows\system32\drivers\anaa3azx.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-18 810144]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [2010-03-23 229458]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-18 33584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1343400]

-----------------EOF-----------------

#2 Post by stell »

Download OTMoveIt3 by OldTimer, paste the text below as described in the instructions and click MoveIt. Post the log here after the restart.

Code:

:processes
explorer.exe

:files
C:\Users\Flame\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
C:\Users\Flame\AppData\Local\Temp\Tdv.exe 
C:\Users\Flame\AppData\Roaming\svchost.exe
C:\Windows\Tgovaa.exe
C:\Windows\TEMP\5f5de7b.vbs
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GHWAUC6NNZ"=-
"UserHost"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"5f5de7b"=-

:Commands 
[CreateRestorePoint] 
[emptytemp] 
[start explorer]
[Reboot]
#3 Post by Bizzaro »

I did everything according to the instructions and here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\Flame\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll moved successfully.
C:\Users\Flame\AppData\Local\Temp\Tdv.exe moved successfully.
C:\Users\Flame\AppData\Roaming\svchost.exe moved successfully.
C:\Windows\Tgovaa.exe moved successfully.
C:\Windows\TEMP\5f5de7b.vbs moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GHWAUC6NNZ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\UserHost deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\5f5de7b deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Flame
->Temp folder emptied: 2004764 bytes
->Temporary Internet Files folder emptied: 10971224 bytes
->Java cache emptied: 433686 bytes
->Google Chrome cache emptied: 347861365 bytes
->Flash cache emptied: 24493 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12281494 bytes
RecycleBin emptied: 795762888 bytes

Total Files Cleaned = 1 115,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04302011_132308

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Security Center not working, Win7 32bit

#4 Post by stell »

Test this file at
www.virustotal.com
C:\Windows\system32\C_21027L.dll
Post the link to the test result here.

Bizzaro
Visitor
Posts: 8
Joined: 30 Apr 2011 10:51

Re: Security Center not working, Win7 32bit

#5 Post by Bizzaro »

When I tried to submit it as a file, it didn't work, because apparently I don't have permission for that (which is odd, since I'm the administrator of the PC and no other profile exists), and when I had it loaded as a URL, it has now been testing for more than an hour. I just want to ask whether that's how it should be, or whether something is wrong.

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Security Center not working, Win7 32bit

#6 Post by stell »

Forget about it, it's probably junk; we'll delete it later.
Download >> mbam-setup
Install it, update it, and run a scan.
Do a full scan and have it delete whatever it finds.
Post the log here.
Detailed guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post its log here.

Bizzaro
Visitor
Posts: 8
Joined: 30 Apr 2011 10:51

Re: Security Center not working, Win7 32bit

#7 Post by Bizzaro »

Anti-Malware log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6478

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.4.2011 15:44:45
mbam-log-2011-04-30 (15-44-45).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 236731
Uplynulý čas: 34 minut, 44 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\program files\ESET\minodlogin\minodlogin.exe.vir (Riskware.KG) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\ESET\minodlogin\minodloginuninst.exe.vir (Riskware.KG) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\04302011_132308\C_Users\Flame\AppData\Local\Temp\Tdv.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\04302011_132308\C_Users\Flame\AppData\Roaming\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\04302011_132308\c_windows\Tgovaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

Bizzaro
Visitor
Posts: 8
Joined: 30 Apr 2011 10:51

Re: Security Center not working, Win7 32bit

#8 Post by Bizzaro »

ComboFix log:


ComboFix 11-04-29.03 - Flame 30.04.2011 14:54:41.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1979.1059 [GMT 2:00]
Spuštěný z: c:\users\Flame\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files\ESET\MiNODLogin\servidores.xml
c:\users\Flame\AppData\Roaming\Local
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\160028.avi.ddr
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\267975.avi.ddr
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\268097.avi.ddr
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\53839.avi.ddr
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\87802.avi.ddr
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\160028.avi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\267975.avi.ddp
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\268097.avi.ddp
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\53839.avi
c:\users\Flame\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\87802.avi
c:\windows\system32\NSREG.DLL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 13:04 . 2011-04-30 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 12:50 . 2011-04-30 12:50 -------- d-----w- c:\users\Flame\AppData\Roaming\Malwarebytes
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-04-30 12:49 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 12:49 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 11:23 . 2011-04-30 11:23 -------- d-----w- C:\_OTM
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- c:\program files\trend micro
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- C:\rsit
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\users\Flame\AppData\Local\ElevatedDiagnostics
2011-04-30 08:44 . 2011-04-30 08:44 135168 --sha-r- c:\windows\system32\C_21027L.dll
2011-04-27 06:40 . 2002-10-22 18:14 954368 ----a-w- c:\program files\Microsoft Games\Bombič\Bombic.exe
2011-04-27 06:40 . 2002-10-22 17:21 3334144 ----a-w- c:\program files\Microsoft Games\Bombič\data\gfx.dll
2011-04-27 06:40 . 2002-10-21 07:23 581632 ----a-w- c:\program files\Microsoft Games\Bombič\BLE.exe
2011-04-27 06:39 . 2009-11-05 21:06 22445318 ----a-w- c:\program files\Microsoft Games\Bulanci\bulanci.exe
2011-04-26 19:57 . 2011-04-26 20:01 -------- d-----w- c:\program files\Valve
2011-04-26 19:17 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-04-26 19:17 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-04-26 19:17 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-04-26 19:17 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-04-26 19:17 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-04-26 19:17 . 2011-04-26 19:17 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-04-26 19:17 . 2011-04-26 19:17 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-04-26 09:44 . 2011-04-26 09:44 -------- d-----w- c:\users\Flame\AppData\Roaming\Telefónica Móviles
2011-04-26 09:42 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 09:42 . 2009-12-15 12:05 198656 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-26 09:42 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-26 09:42 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-04-26 09:42 . 2011-04-26 09:42 -------- d-----w- c:\program files\O2
2011-04-21 19:53 . 2003-09-03 00:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-21 19:53 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-04-21 19:53 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-04-21 19:53 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-04-21 19:53 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-04-21 19:53 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-04-21 19:53 . 2011-04-21 19:53 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-04-21 19:53 . 2011-04-21 19:53 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-04-20 13:02 . 2011-03-30 17:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-20 13:02 . 2011-03-30 16:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-04-20 13:02 . 2011-03-30 16:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-20 13:02 . 2011-04-20 13:02 -------- d-----w- c:\users\Flame\AppData\Roaming\TuneUp Software
2011-04-20 13:02 . 2011-04-22 05:48 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-20 13:01 . 2011-04-20 13:04 -------- d-----w- c:\programdata\TuneUp Software
2011-04-20 13:01 . 2011-04-20 13:01 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-20 09:22 . 2011-04-20 09:23 -------- d-----w- c:\program files\ComicRack
2011-04-19 18:45 . 2011-04-19 18:46 -------- d-----w- c:\program files\CyberLink
2011-04-19 13:48 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D1B6030-C052-41A8-9A4B-45305F16BD0A}\mpengine.dll
2011-04-14 22:49 . 2011-04-14 22:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-14 21:56 . 2011-04-14 21:56 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 21:55 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:55 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:52 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:52 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:52 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 21:52 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 22:45 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-09 23:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 19:40 . 2011-01-24 15:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
.
[-] 2011-01-08 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-30 399736]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 151064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-18 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 29168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001Core.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001UA.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2672)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-04-30 15:08:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-30 13:08
.
Před spuštěním: Volných bajtů: 290 234 748 928
Po spuštění: Volných bajtů: 290 135 142 400
.
- - End Of File - - FECA5C56F77F1E4DD55316AF2DC65230

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Security Center not working, Win7 32bit

#9 Post by stell »

Uninstall the illegal ESET.
For this step, ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy all of the green text into it:

Code:

KILLALL::
File::
c:\windows\system32\C_21027L.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
FCOPY::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


Then click File -> Save As... -> and in the File name field type: CFScript.txt
For the file type, select *All files
And save it to the desktop. Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt. Then do this:
[Image]

After the scan finishes, post the log that ComboFix creates.

Install the FREE AVAST.

Bizzaro
Visitor
Posts: 8
Joined: 30 Apr 2011 10:51

Re: Security Center not working, Win7 32bit

#10 Post by Bizzaro »

Although I turned off the resident protection and uninstalled ESET, ComboFix still told me to turn it off, but the computer reports that everything is turned off.

ComboFix 11-04-29.03 - Flame 30.04.2011 16:32:19.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1979.1296 [GMT 2:00]
Spuštěný z: c:\users\Flame\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Flame\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files\ESET\MiNODLogin\MiNODLogin.exe"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk"
"c:\windows\system32\C_21027L.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
c:\windows\system32\C_21027L.dll
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 14:37 . 2011-04-30 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 12:50 . 2011-04-30 12:50 -------- d-----w- c:\users\Flame\AppData\Roaming\Malwarebytes
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-04-30 12:49 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 12:49 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 11:23 . 2011-04-30 11:23 -------- d-----w- C:\_OTM
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- c:\program files\trend micro
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- C:\rsit
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\users\Flame\AppData\Local\ElevatedDiagnostics
2011-04-27 06:40 . 2002-10-22 18:14 954368 ----a-w- c:\program files\Microsoft Games\Bombič\Bombic.exe
2011-04-27 06:40 . 2002-10-22 17:21 3334144 ----a-w- c:\program files\Microsoft Games\Bombič\data\gfx.dll
2011-04-27 06:40 . 2002-10-21 07:23 581632 ----a-w- c:\program files\Microsoft Games\Bombič\BLE.exe
2011-04-27 06:39 . 2009-11-05 21:06 22445318 ----a-w- c:\program files\Microsoft Games\Bulanci\bulanci.exe
2011-04-26 19:57 . 2011-04-26 20:01 -------- d-----w- c:\program files\Valve
2011-04-26 19:17 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-04-26 19:17 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-04-26 19:17 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-04-26 19:17 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-04-26 19:17 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-04-26 19:17 . 2011-04-26 19:17 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-04-26 19:17 . 2011-04-26 19:17 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-04-26 09:44 . 2011-04-26 09:44 -------- d-----w- c:\users\Flame\AppData\Roaming\Telefónica Móviles
2011-04-26 09:42 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 09:42 . 2009-12-15 12:05 198656 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-26 09:42 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-26 09:42 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-04-26 09:42 . 2011-04-26 09:42 -------- d-----w- c:\program files\O2
2011-04-21 19:53 . 2003-09-03 00:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-21 19:53 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-04-21 19:53 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-04-21 19:53 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-04-21 19:53 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-04-21 19:53 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-04-21 19:53 . 2011-04-21 19:53 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-04-21 19:53 . 2011-04-21 19:53 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-04-20 13:02 . 2011-03-30 17:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-20 13:02 . 2011-03-30 16:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-04-20 13:02 . 2011-03-30 16:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-20 13:02 . 2011-04-20 13:02 -------- d-----w- c:\users\Flame\AppData\Roaming\TuneUp Software
2011-04-20 13:02 . 2011-04-22 05:48 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-20 13:01 . 2011-04-20 13:04 -------- d-----w- c:\programdata\TuneUp Software
2011-04-20 13:01 . 2011-04-20 13:01 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-20 09:22 . 2011-04-20 09:23 -------- d-----w- c:\program files\ComicRack
2011-04-19 18:45 . 2011-04-19 18:46 -------- d-----w- c:\program files\CyberLink
2011-04-19 13:48 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D1B6030-C052-41A8-9A4B-45305F16BD0A}\mpengine.dll
2011-04-14 22:49 . 2011-04-14 22:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-14 21:56 . 2011-04-14 21:56 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 21:55 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:55 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:52 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:52 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:52 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 21:52 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 22:45 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-09 23:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 19:40 . 2011-01-24 15:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-30 399736]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 151064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 29168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001Core.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001UA.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(436)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-04-30 16:41:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-30 14:41
ComboFix2.txt 2011-04-30 13:08
.
Před spuštěním: Volných bajtů: 289 955 901 440
Po spuštění: Volných bajtů: 290 124 836 864
.
- - End Of File - - F8B0D134A46F11A2EA1C895EFB552759

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Non-functional Security Center Win7 32bit

#11 Post by stell »

For this step, ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
SecCenter::
{77DEAFED-8149-104B-25A1-21771CA47CD1}
{4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
{CCBF4E09-A773-1FC5-1F11-1A056723366C}

Then click File -> Save As... -> and in the File name field type: CFScript.txt
For the file type, choose *All files
And save it to the desktop. > Caution: do not open CFScript.txt, and it must not be CFScript.txt.txt either. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates.

→ Clean the PC with CCleaner:
→ Rename the ComboFix icon to uninstall
and run it > ComboFix will uninstall itself.
→ Install free AVAST and write how the PC behaves.
Important information.
Is your computer NOT RUNNING well?
Is it infected? Running slowly? A program not working? A problem with installation?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

Bizzaro
Visitor
Posts: 8
Registered: 30 Apr 2011 10:51

Re: Non-functional Security Center Win7 32bit

#12 Post by Bizzaro »

ComboFix 11-04-29.04 - Flame 30.04.2011 16:58:13.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1979.1218 [GMT 2:00]
Spuštěný z: c:\users\Flame\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Flame\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 15:03 . 2011-04-30 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 14:47 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-30 14:47 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-30 14:47 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-30 14:47 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-30 14:47 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 14:47 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-30 14:47 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-30 14:47 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-30 14:47 . 2011-04-30 14:47 -------- d-----w- c:\programdata\AVAST Software
2011-04-30 14:47 . 2011-04-30 14:47 -------- d-----w- c:\program files\AVAST Software
2011-04-30 12:50 . 2011-04-30 12:50 -------- d-----w- c:\users\Flame\AppData\Roaming\Malwarebytes
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-04-30 12:49 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 12:49 . 2011-04-30 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 12:49 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 11:23 . 2011-04-30 11:23 -------- d-----w- C:\_OTM
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- c:\program files\trend micro
2011-04-30 09:53 . 2011-04-30 09:53 -------- d-----w- C:\rsit
2011-04-30 09:27 . 2011-04-30 09:27 -------- d-----w- c:\users\Flame\AppData\Local\ElevatedDiagnostics
2011-04-27 06:40 . 2002-10-22 18:14 954368 ----a-w- c:\program files\Microsoft Games\Bombič\Bombic.exe
2011-04-27 06:40 . 2002-10-22 17:21 3334144 ----a-w- c:\program files\Microsoft Games\Bombič\data\gfx.dll
2011-04-27 06:40 . 2002-10-21 07:23 581632 ----a-w- c:\program files\Microsoft Games\Bombič\BLE.exe
2011-04-27 06:39 . 2009-11-05 21:06 22445318 ----a-w- c:\program files\Microsoft Games\Bulanci\bulanci.exe
2011-04-26 19:57 . 2011-04-26 20:01 -------- d-----w- c:\program files\Valve
2011-04-26 19:17 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-04-26 19:17 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-04-26 19:17 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-04-26 19:17 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-04-26 19:17 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-04-26 19:17 . 2011-04-26 19:17 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-04-26 19:17 . 2011-04-26 19:17 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-04-26 09:44 . 2011-04-26 09:44 -------- d-----w- c:\users\Flame\AppData\Roaming\Telefónica Móviles
2011-04-26 09:42 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 09:42 . 2009-12-15 12:05 198656 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-26 09:42 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-26 09:42 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-04-26 09:42 . 2011-04-26 09:42 -------- d-----w- c:\program files\O2
2011-04-21 19:53 . 2003-09-03 00:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-21 19:53 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-04-21 19:53 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-04-21 19:53 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-04-21 19:53 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-04-21 19:53 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-04-21 19:53 . 2011-04-21 19:53 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-04-21 19:53 . 2011-04-21 19:53 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-04-20 13:02 . 2011-03-30 17:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-20 13:02 . 2011-03-30 16:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-04-20 13:02 . 2011-03-30 16:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-20 13:02 . 2011-04-20 13:02 -------- d-----w- c:\users\Flame\AppData\Roaming\TuneUp Software
2011-04-20 13:02 . 2011-04-22 05:48 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-20 13:01 . 2011-04-20 13:04 -------- d-----w- c:\programdata\TuneUp Software
2011-04-20 13:01 . 2011-04-20 13:01 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-20 09:22 . 2011-04-20 09:23 -------- d-----w- c:\program files\ComicRack
2011-04-19 18:45 . 2011-04-19 18:46 -------- d-----w- c:\program files\CyberLink
2011-04-19 13:48 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D1B6030-C052-41A8-9A4B-45305F16BD0A}\mpengine.dll
2011-04-14 22:49 . 2011-04-14 22:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-04-14 21:56 . 2011-04-14 21:56 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 21:55 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:55 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:52 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:52 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:52 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 21:52 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-30 15:07 . 2011-04-30 15:07 0 ---ha-w- c:\users\Flame\AppData\Local\BITDAE3.tmp
2011-04-14 22:45 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-09 23:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 19:40 . 2011-01-24 15:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-30 399736]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 151064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 29168]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001Core.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1126576445-3012744228-152360302-1001UA.job
- c:\users\Flame\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 19:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3624)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-04-30 17:10:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-30 15:10
ComboFix2.txt 2011-04-30 14:41
ComboFix3.txt 2011-04-30 13:08
.
Před spuštěním: Volných bajtů: 289 666 232 320
Po spuštění: Volných bajtů: 289 632 063 488
.
- - End Of File - - 7CD1F0CBC760F10DCD7CE7AB03D535F7

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Non-functional Security Center Win7 32bit

#13 Post by stell »

→ Clean the PC with CCleaner:
→ Rename the ComboFix icon to uninstall
and run it > ComboFix will uninstall itself.
And if you no longer have a problem with the PC, that is all.

Bizzaro
Visitor
Posts: 8
Registered: 30 Apr 2011 10:51

Re: Non-functional Security Center Win7 32bit

#14 Post by Bizzaro »

The PC works great, thank you very much.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Non-functional Security Center Win7 32bit

#15 Post by stell »

You're welcome. :)