
Please check my log as a precaution

Posted: 25 Jul 2011 21:51
by Novians
thank you very much in advance :)

ComboFix 11-07-25.02 - lubos 25.07.2011 22:14:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1389 [GMT 2:00]
Run from: c:\users\lubos\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lubos\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 20:28 . 2011-07-25 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-23 13:19 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D090055-9207-47DD-BBBF-6AF0FC21D888}\mpengine.dll
2011-07-21 12:25 . 2011-07-21 12:25 -------- d-----w- c:\programdata\WindowsSearch
2011-07-21 11:37 . 2011-07-23 23:07 -------- d-----w- c:\users\lubos\AppData\Local\Minibar
2011-07-21 11:34 . 2011-07-21 11:34 -------- d-----w- c:\program files\b4ficons
2011-07-21 11:34 . 2011-07-23 19:09 -------- d-----w- c:\program files\Burn4Free
2011-07-21 09:51 . 2011-07-21 09:51 -------- d-----w- c:\program files\MyAshampoo
2011-07-21 09:50 . 2011-07-21 09:50 -------- d-----w- c:\program files\Ashampoo
2011-07-20 10:36 . 2011-07-25 20:05 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-07-20 10:36 . 2011-07-21 09:04 -------- d-----w- c:\users\lubos\AppData\Roaming\Broad Intelligence
2011-07-20 10:36 . 2011-07-20 11:43 -------- d-----w- c:\users\lubos\AppData\Local\OpenCandy
2011-07-20 10:36 . 2011-07-20 10:36 -------- d-----w- c:\users\lubos\AppData\Roaming\OpenCandy
2011-07-20 09:47 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-07-20 09:47 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-07-15 14:05 . 2011-07-15 14:05 -------- d-----w- c:\users\lubos\AppData\Roaming\Canneverbe Limited
2011-07-15 13:29 . 2011-07-15 13:29 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-15 10:06 . 2011-07-20 11:15 -------- d-----w- c:\program files\Opera
2011-07-13 02:41 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 02:41 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 02:41 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 02:41 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 02:41 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-04 07:24 . 2011-07-04 07:24 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 07:24 . 2011-07-04 07:24 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:03 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 09:38 . 2011-06-29 09:38 0 ---ha-w- c:\users\lubos\AppData\Local\BIT4FF8.tmp
2011-06-27 18:08 . 2011-06-27 18:08 -------- d-----w- c:\users\lubos\AppData\Roaming\Telefónica Móviles
2011-06-27 18:07 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-27 18:07 . 2009-12-15 12:05 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-27 18:07 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-27 18:07 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-06-27 18:06 . 2011-06-27 18:06 -------- d-----w- c:\program files\O2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-09 02:11 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-06-04 14:04 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-20 13:46 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-06-04 14:05 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-06-04 14:05 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-06-04 14:05 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-06-04 14:05 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-06-04 14:05 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-27 16:52 . 2010-06-08 09:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-06-08 17:40 . 2011-06-08 17:40 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-08 17:40 . 2011-06-08 17:40 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-08 17:40 . 2011-06-08 17:40 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-08 17:40 . 2011-06-08 17:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-08 17:40 . 2011-06-08 17:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-08 17:40 . 2011-06-08 17:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-08 17:40 . 2011-06-08 17:40 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-08 17:40 . 2011-06-08 17:40 367104 ----a-w- c:\windows\system32\html.iec
2011-06-08 17:40 . 2011-06-08 17:40 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-08 17:40 . 2011-06-08 17:40 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-08 17:40 . 2011-06-08 17:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-08 17:40 . 2011-06-08 17:40 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-08 17:40 . 2011-06-08 17:40 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-08 17:40 . 2011-06-08 17:40 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-08 17:40 . 2011-06-08 17:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-08 17:40 . 2011-06-08 17:40 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-08 17:40 . 2011-06-08 17:40 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-08 17:40 . 2011-06-08 17:40 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-08 17:40 . 2011-06-08 17:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-24 17:14 . 2010-07-05 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-16 19:18 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-16 19:18 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-16 19:18 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-16 19:18 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-16 19:18 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-16 19:18 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-18 08:03 . 2009-01-07 19:24 74330 ----a-w- c:\program files\Uninstall.exe
2011-07-04 07:24 . 2011-03-25 10:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-10 19:15 . 2010-06-05 02:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-03-10 183808]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2011-03-15 2201600]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-09 395640]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 ActivityMon2;asam;c:\windows\system32\asam\svchost.exe [2011-01-14 185856]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 PCSpeedUpService;PCSpeedUp Service;c:\program files\Zrychleni Pocitace\PCSpeedUpService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-06 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.bigseekpro.com/burn4free/{108FEDF9- ... 844B006F1A}
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.bigseekpro.com/burn4free/{108FEDF9- ... 844B006F1A}
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
TCP: DhcpNameServer = 82.114.192.15 82.114.192.6
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\pl31k3lv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchrise
FF - prefs.js: browser.startup.homepage - hxxp://searchrise.com?hl=cs&fh=
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4 ... 006F1A}?q=
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKCU-Run-Nektra OEAPI - (no file)
HKCU-Run-OEXPRESS - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-Burn4Free DB Toolbar - c:\program files\Burn4Free DB Toolbar\UninstallToolbar.exe
AddRemove-Burn4Free DVD Burning_is1 - c:\program files\Burn4Free\unins000.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\12.0.742.112\Installer\setup.exe
AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_EAA6E347FFC35CC8.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 22:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-465257137-3806693963-3011938715-1003\Software\SecuROM\License information*]
"datasecu"=hex:be,fe,cc,e9,30,75,4d,82,80,ab,e8,79,2d,be,c3,55,2f,11,a9,fc,29,
35,c3,b7,33,6a,ab,2f,b3,e8,68,87,70,82,df,a5,f9,02,92,46,0e,b2,5c,2e,84,dc,\
"rkeysecu"=hex:d7,fa,03,3f,70,5e,88,dd,54,bd,85,d7,d2,3d,58,a4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-25 22:33:44
ComboFix-quarantined-files.txt 2011-07-25 20:33
.
Pre-Run: 16,778,625,024 bytes free
Post-Run: 16,470,700,032 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - EE4A902700D29B1E33311ED5A0FBC178

Re: Please check my log as a precaution

Posted: 25 Jul 2011 22:43
by vyosek
Hello and good evening :)

:arrow: ComboFix is a really heavy tool for a preventive check, and on top of that it is no toy - see below

:arrow: Dangers of CF
  • It is intended primarily for helpers; by running it on your own you forfeit your claim to support
  • It wipes the traces of the malware, so nothing is visible in an RSIT log afterwards
  • Its log has to be read through carefully, because it cannot delete everything - and you can hardly manage that unless you are trained for it
  • CF can have a bug = it takes down your system; if you don't know where it stores things and how to restore them, your system is dead and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll), which some types of malware (e.g. angela) delete; after the restart your hal.dll is gone = the system won't boot and you are back at the line above = reinstall
:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_USERS\S-1-5-21-465257137-3806693963-3011938715-1003\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    
    Folder::
    c:\program files\uTorrentBar
    
    File::
    c:\program files\MyAshampoo\tbMyAs.dll
    
    Driver::
    gupdate
    gupdatem
    
    DDS::
    uStart Page = hxxp://www.bigseekpro.com/burn4free/{108FEDF9-DFD1-422B-BAB6-C6844B006F1A}
    uDefault_Search_URL = hxxp://search.qip.ru
    mStart Page = hxxp://www.bigseekpro.com/burn4free/{108FEDF9-DFD1-422B-BAB6-C6844B006F1A}
    uSearchAssistant = hxxp://search.qip.ru/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    
    Firefox::
    FF - ProfilePath - c:\users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\pl31k3lv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Searchrise
    FF - prefs.js: browser.startup.homepage - hxxp://searchrise.com?hl=cs&fh=
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/burn4free/{108FEDF9-DFD1-422B-BAB6-C6844B006F1A}?q=
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    "DAEMON Tools Lite"=-
    "WMPNSCFG"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
    
    FixCSet::
    
    AtJob::
    
    Reboot::
  • Save the text file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
    [image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
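A triage helper for this kind of review, as an added example that is not part of the thread and not ComboFix's own code: it parses the registry startup points and the browser-settings lines of a ComboFix-style log, flags modules and search hosts that match a small indicator list, and emits a draft CFScript in the same section syntax the helper used above (File::, Registry:: with "name"=- and [-KEY], DDS::, Firefox::, Reboot::). The indicator lists, the sample log text and all function names are constructed for the example. The draft still needs the manual review the helper describes: the script cannot decide, for instance, whether to remove a single DLL or the whole folder (the helper chose Folder:: for uTorrentBar but File:: for tbMyAs.dll), and it deliberately leaves lines whose host is not on the list alone, such as the Google search URL the helper reset by hand.

```python
import re
from collections import OrderedDict

# Constructed indicator lists for this example, modeled on the entries the helper
# flagged in the thread. A real triage list comes from researching each item yourself.
BAD_MODULES = ("tbutor.dll", "tbmyas.dll", "conduitengine.dll")
BAD_HOSTS = ("bigseekpro.com", "search.qip.ru", "searchrise.com", "search.conduit.com")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"')            # "name"= "c:\path" [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (\S.*)$")  # BHO module line
URL_RE = re.compile(r"hxxp://([^/?\s]+)")                    # host of a defanged URL


def parse_startup(log):
    """Return (key, value_name, module_path) for every registry startup entry.
    BHO keys carry no named value, only a date/size/attr/path line: value_name is None."""
    key, entries = None, []
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:          # still before the REGEDIT4 section
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2)))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append((key, None, m.group(1)))
    return entries


def flag_entries(entries):
    """Keep entries whose module file name is on the indicator list (case-insensitive)."""
    return [e for e in entries if e[2].lower().rsplit("\\", 1)[-1] in BAD_MODULES]


def flag_browser_lines(log):
    """Split hijacked browser-setting lines into IE (DDS::) and Firefox (Firefox::) groups.
    The FF - ProfilePath line is kept with the Firefox group because CFScript needs it."""
    ie, ff, profile = [], [], []
    for line in log.splitlines():
        if line.startswith("FF - ProfilePath"):
            profile.append(line)
            continue
        m = URL_RE.search(line)
        if m:
            host = m.group(1).lower()
            if any(host == h or host.endswith("." + h) for h in BAD_HOSTS):
                (ff if line.startswith("FF - ") else ie).append(line)
    return ie, (profile + ff) if ff else []


def build_cfscript(flagged, ie_lines, ff_lines):
    """Emit CFScript text in the section syntax used in the thread: File:: removes a
    module, "name"=- deletes a registry value, [-KEY] deletes a whole key."""
    out = ["KillAll::", ""]
    out += ["File::", *OrderedDict((e[2], None) for e in flagged), ""]
    by_key = OrderedDict()
    for key, name, _ in flagged:
        by_key.setdefault(key, []).append(name)
    out.append("Registry::")
    for key, names in by_key.items():
        if all(n is None for n in names):      # BHO key: delete the key itself
            out.append(f"[-{key}]")
        else:
            out.append(f"[{key}]")
            out += [f'"{n}"=-' for n in names if n is not None]
    out.append("")
    if ie_lines:
        out += ["DDS::", *ie_lines, ""]
    if ff_lines:
        out += ["Firefox::", *ff_lines, ""]
    out.append("Reboot::")
    return "\n".join(out) + "\n"


def triage(log):
    """Parse a log and return (flagged_entries, draft_cfscript_text)."""
    flagged = flag_entries(parse_startup(log))
    ie, ff = flag_browser_lines(log)
    return flagged, build_cfscript(flagged, ie, ff)


def still_present(post_fix_log, flagged):
    """Verify the fix: flagged entries that still appear in the post-fix log."""
    after = set(parse_startup(post_fix_log))
    return [e for e in flagged if e in after]


# Constructed sample logs, abridged to the shape of the two logs in the thread.
SAMPLE_BEFORE = r"""REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
uStart Page = hxxp://www.bigseekpro.com/burn4free/{108FEDF9-DFD1-422B-BAB6-C6844B006F1A}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\pl31k3lv.default\
FF - prefs.js: browser.startup.homepage - hxxp://searchrise.com?hl=cs&fh=
"""

SAMPLE_AFTER = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
"""

if __name__ == "__main__":
    flagged, script = triage(SAMPLE_BEFORE)
    print(script)
    print("still present after fix:", still_present(SAMPLE_AFTER, flagged))
```

Running it prints the draft script for the sample and an empty list from still_present, which is the check worth doing on the follow-up log: the second log in the thread no longer lists tbuTor.dll under URLSearchHooks, the BHO key or the toolbar values, which is exactly what this function looks for.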

Re: Please check my log as a precaution

Posted: 26 Jul 2011 10:32
by Novians
Hello,
thank you very much, I hope I did it right :-)

here is the log :-)

ComboFix 11-07-25.02 - lubos 26.07.2011 11:04:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1793 [GMT 2:00]
Run from: c:\users\lubos\Desktop\ComboFix.exe
Command switches used :: c:\users\lubos\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\MyAshampoo\tbMyAs.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 09:16 . 2011-07-26 09:21 -------- d-----w- c:\users\lubos\AppData\Local\temp
2011-07-26 09:16 . 2011-07-26 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 07:01 . 2011-07-26 09:01 -------- d-----w- C:\32788R22FWJFW
2011-07-26 06:33 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FE51044-926D-4AB3-9922-A6204BC022C3}\mpengine.dll
2011-07-21 12:25 . 2011-07-21 12:25 -------- d-----w- c:\programdata\WindowsSearch
2011-07-21 11:37 . 2011-07-23 23:07 -------- d-----w- c:\users\lubos\AppData\Local\Minibar
2011-07-21 11:34 . 2011-07-21 11:34 -------- d-----w- c:\program files\b4ficons
2011-07-21 11:34 . 2011-07-23 19:09 -------- d-----w- c:\program files\Burn4Free
2011-07-21 09:51 . 2011-07-21 09:51 -------- d-----w- c:\program files\MyAshampoo
2011-07-21 09:50 . 2011-07-21 09:50 -------- d-----w- c:\program files\Ashampoo
2011-07-20 10:36 . 2011-07-25 20:05 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-07-20 10:36 . 2011-07-21 09:04 -------- d-----w- c:\users\lubos\AppData\Roaming\Broad Intelligence
2011-07-20 10:36 . 2011-07-20 11:43 -------- d-----w- c:\users\lubos\AppData\Local\OpenCandy
2011-07-20 10:36 . 2011-07-20 10:36 -------- d-----w- c:\users\lubos\AppData\Roaming\OpenCandy
2011-07-20 09:47 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-07-20 09:47 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-07-15 14:05 . 2011-07-15 14:05 -------- d-----w- c:\users\lubos\AppData\Roaming\Canneverbe Limited
2011-07-15 13:29 . 2011-07-15 13:29 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-15 10:06 . 2011-07-20 11:15 -------- d-----w- c:\program files\Opera
2011-07-13 02:41 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 02:41 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 02:41 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 02:41 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 02:41 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-04 07:24 . 2011-07-04 07:24 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 07:24 . 2011-07-04 07:24 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 16:03 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 09:38 . 2011-06-29 09:38 0 ---ha-w- c:\users\lubos\AppData\Local\BIT4FF8.tmp
2011-06-27 18:08 . 2011-06-27 18:08 -------- d-----w- c:\users\lubos\AppData\Roaming\Telefónica Móviles
2011-06-27 18:07 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-27 18:07 . 2009-12-15 12:05 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-27 18:07 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-27 18:07 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-06-27 18:06 . 2011-06-27 18:06 -------- d-----w- c:\program files\O2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-09 02:11 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-06-04 14:04 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-20 13:46 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-06-04 14:05 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-06-04 14:05 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-06-04 14:05 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-06-04 14:05 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-06-04 14:05 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-27 16:52 . 2010-06-08 09:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-06-08 17:40 . 2011-06-08 17:40 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-08 17:40 . 2011-06-08 17:40 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-08 17:40 . 2011-06-08 17:40 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-08 17:40 . 2011-06-08 17:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-08 17:40 . 2011-06-08 17:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-08 17:40 . 2011-06-08 17:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-08 17:40 . 2011-06-08 17:40 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-08 17:40 . 2011-06-08 17:40 367104 ----a-w- c:\windows\system32\html.iec
2011-06-08 17:40 . 2011-06-08 17:40 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-08 17:40 . 2011-06-08 17:40 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-08 17:40 . 2011-06-08 17:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-08 17:40 . 2011-06-08 17:40 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-08 17:40 . 2011-06-08 17:40 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-08 17:40 . 2011-06-08 17:40 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-08 17:40 . 2011-06-08 17:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-08 17:40 . 2011-06-08 17:40 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-08 17:40 . 2011-06-08 17:40 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-08 17:40 . 2011-06-08 17:40 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-08 17:40 . 2011-06-08 17:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-24 17:14 . 2010-07-05 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-16 19:18 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-16 19:18 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-16 19:18 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-16 19:18 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-16 19:18 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-16 19:18 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-18 08:03 . 2009-01-07 19:24 74330 ----a-w- c:\program files\Uninstall.exe
2011-07-04 07:24 . 2011-03-25 10:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-10 19:15 . 2010-06-05 02:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-03-10 183808]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2011-03-15 2201600]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PCSpeedUpService;PCSpeedUp Service;c:\program files\Zrychleni Pocitace\PCSpeedUpService.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-06 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ActivityMon2;asam;c:\windows\system32\asam\svchost.exe [2011-01-14 185856]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
TCP: DhcpNameServer = 82.114.192.15 82.114.192.6
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\lubos\AppData\Roaming\Mozilla\Firefox\Profiles\pl31k3lv.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 11:20
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-465257137-3806693963-3011938715-1003\Software\SecuROM\License information*]
"datasecu"=hex:be,fe,cc,e9,30,75,4d,82,80,ab,e8,79,2d,be,c3,55,2f,11,a9,fc,29,
35,c3,b7,33,6a,ab,2f,b3,e8,68,87,70,82,df,a5,f9,02,92,46,0e,b2,5c,2e,84,dc,\
"rkeysecu"=hex:d7,fa,03,3f,70,5e,88,dd,54,bd,85,d7,d2,3d,58,a4
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(904)
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\asam\rundll32.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 11:29:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 09:29
ComboFix2.txt 2011-07-25 20:33
.
Před spuštěním: Volných bajtů: 16 188 194 816
Po spuštění: Volných bajtů: 15 607 951 360
.
- - End Of File - - FC66F84954153DEAD3BB195530734230

Re: Request for a preventive log check

Posted: 26 Jul 2011 11:38
by vyosek
Yes, that is correct :wink:

How is the PC behaving? :???:

Re: Request for a preventive log check

Posted: 26 Jul 2011 11:46
by Novians
Great, thanks again so much!!!

So far so good.

The PC kept shutting itself down, often froze, and then wouldn't even boot; it kept throwing up dialog boxes. We ran the antivirus over it, it found two pieces of malware, so my husband removed them somehow and fiddled with a few other things, but it still wasn't right. Since my husband is a layman with a capital L and is only interested in games, this is what our PC ends up looking like, and there's nothing left but for me to learn to manage all of it myself :D

Can I ask whether there was still something else on there?

Thanks again very much, and I'll keep educating myself here on your site so I stay in the picture :)

Re: Request for a preventive log check

Posted: 26 Jul 2011 12:12
by vyosek
Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Start - Run (or use the Win+R keyboard shortcut)
  • Type ComboFix /UninstallA
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (disable the antivirus while downloading if necessary)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues left - usually about 3 times
Tools tab
  • Here you can uninstall unneeded programs
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :turned:

:arrow: There really was some malware on there, and also a lot of junk

Re: Request for a preventive log check

Posted: 26 Jul 2011 13:50
by Novians
I can't get ComboFix to uninstall :(
Could you please write out the exact path? I'm probably doing something wrong :(
Thank you very much, N.

Re: Request for a preventive log check

Posted: 26 Jul 2011 15:13
by vyosek
Then rename the ComboFix icon to Uninstall and run it

Re: Request for a preventive log check

Posted: 26 Jul 2011 18:51
by Novians
Everything has been done according to your instructions and it should be OK now. I'll use CCleaner once a week as you wrote, and I'm off to study the rest of what I can find on your server. Once again, thank you very, very much :)

Re: Request for a preventive log check

Posted: 26 Jul 2011 19:54
by vyosek
You're welcome, glad I could help :) See you again sometime