
FB - virus, request for help

Posted: 26 Jul 2011 18:13
by macik.cz
Hi, I'm asking for help after downloading the FB virus...
my log is below
thank you


Logfile of random's system information tool 1.09 (written by random/random)
Run by monika at 2011-07-26 19:03:13
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 72 GB (61%) free of 119 GB
Total RAM: 2926 MB (61% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\665my98i.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files (x86)\AVG\AVG10\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeploytk.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\665my98i.default\extensions\
engine@conduit.com
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\665my98i.default\searchplugins\
bing.xml
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-07-08 2274144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Boingo Wi-Fi"=C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2010-08-27 2429]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-02-04 7350912]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-01-05 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2011-04-18 2334560]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-10-11 14940040]
"Rainlendar2"=C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2010-07-11 2199040]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
PHOTOfunSTUDIO 5.0 HD Edition.lnk - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-26 19:02:35 ----D---- C:\Program Files (x86)\trend micro
2011-07-26 19:02:33 ----D---- C:\rsit
2011-07-26 17:58:03 ----A---- C:\Windows\winlog-ids.txt
2011-07-26 17:58:03 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\PICSDK2.dll
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\PICSDK.ini
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\PICSDK.dll
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\PICEntry.dll
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\EpPicPrt.dll
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\EPPICPrinterDB.dat
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2011-07-21 11:28:56 ----A---- C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern6.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern5.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern4.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern3.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern2.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern131.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern121.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPICPattern1.dat
2011-07-21 11:28:55 ----A---- C:\Windows\SysWOW64\EPPicMgr.dll
2011-07-21 11:28:49 ----D---- C:\ProgramData\Panasonic
2011-07-21 09:26:17 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-07-21 09:26:03 ----SHD---- C:\Config.Msi
2011-07-21 08:38:20 ----A---- C:\Windows\SysWOW64\GenSvcInst.exe
2011-07-21 08:38:20 ----A---- C:\Windows\SysWOW64\bgsvcgen.exe
2011-07-21 08:37:52 ----D---- C:\Program Files (x86)\Common Files\Panasonic
2011-07-21 08:37:30 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2011-07-16 18:29:54 ----A---- C:\Windows\SysWOW64\ConduitEngine.tmp
2011-07-16 18:28:30 ----D---- C:\Users\monika\AppData\Roaming\uTorrent
2011-07-14 08:28:49 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-07-14 08:28:48 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-14 08:28:47 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-14 08:28:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-14 08:28:29 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-07-14 08:28:29 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-07-14 08:28:29 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-07-14 08:28:29 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-07-14 08:28:29 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-07-14 08:28:27 ----A---- C:\Windows\SysWOW64\user.exe
2011-06-29 10:44:50 ----A---- C:\Windows\SysWOW64\drvinst.exe
2011-06-29 10:44:50 ----A---- C:\Windows\SysWOW64\devrtl.dll
2011-06-29 10:44:50 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2011-06-29 10:44:49 ----A---- C:\Windows\SysWOW64\devobj.dll
2011-06-29 10:44:44 ----A---- C:\Windows\SysWOW64\mssrch.dll
2011-06-29 10:44:43 ----A---- C:\Windows\SysWOW64\tquery.dll
2011-06-29 10:44:42 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-06-29 10:44:42 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2011-06-29 10:44:42 ----A---- C:\Windows\SysWOW64\mssph.dll
2011-06-29 10:44:40 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2011-06-29 10:44:40 ----A---- C:\Windows\SysWOW64\mssvp.dll
2011-06-29 10:44:40 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2011-06-29 10:44:39 ----A---- C:\Windows\SysWOW64\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-26 19:02:35 ----RD---- C:\Program Files (x86)
2011-07-26 19:02:04 ----D---- C:\Windows\Temp
2011-07-26 18:04:07 ----A---- C:\Windows\SysWOW64\log.txt
2011-07-26 18:03:57 ----D---- C:\Users\monika\AppData\Roaming\Skype
2011-07-26 18:00:00 ----D---- C:\ProgramData\AVG10
2011-07-26 17:59:54 ----D---- C:\Windows
2011-07-26 17:55:50 ----D---- C:\Users\monika\AppData\Roaming\skypePM
2011-07-26 17:55:31 ----D---- C:\Windows\SysWOW64
2011-07-25 22:16:07 ----D---- C:\Windows\System32
2011-07-25 22:16:07 ----D---- C:\Windows\inf
2011-07-21 20:37:36 ----D---- C:\Windows\winsxs
2011-07-21 11:32:03 ----SHD---- C:\Windows\Installer
2011-07-21 11:31:26 ----SHD---- C:\System Volume Information
2011-07-21 11:28:56 ----HD---- C:\ProgramData
2011-07-21 11:28:41 ----RSD---- C:\Windows\Fonts
2011-07-21 09:26:18 ----D---- C:\ProgramData\Adobe
2011-07-21 09:26:17 ----D---- C:\Program Files (x86)\Common Files
2011-07-21 09:26:17 ----D---- C:\Program Files (x86)\Adobe
2011-07-21 08:39:34 ----RSD---- C:\Windows\assembly
2011-07-21 08:37:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-21 08:37:35 ----RD---- C:\Program Files
2011-07-21 08:37:30 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-21 08:30:21 ----D---- C:\ProgramData\Skype
2011-07-14 21:15:38 ----D---- C:\Windows\AppPatch
2011-07-14 21:15:34 ----D---- C:\Windows\SysWOW64\drivers
2011-07-14 13:39:10 ----D---- C:\ProgramData\Microsoft Help
2011-07-11 12:02:00 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-07 16:21:44 ----A---- C:\Windows\winamp.ini
2011-07-07 16:21:36 ----D---- C:\Users\monika\AppData\Roaming\vlc
2011-07-01 18:16:10 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
S1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
S2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys []
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits); C:\Windows\system32\DRIVERS\JME.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys []
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe []
S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-15 145504]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-02 864032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: FB - virus, request for help

Posted: 26 Jul 2011 19:04
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: FB - virus, request for help

Posted: 26 Jul 2011 20:03
by macik.cz
After running the scan we got this log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

26.7.2011 20:59:59
mbam-log-2011-07-26 (20-59-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 308166
Time elapsed: 35 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
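
The registry dump in the first post shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) and the two SafeBoot\wxpdrivers keys that the MBAM log above reports as Trojan.Agent. The following is an added example for this thread, not code from RSIT, MBAM or any poster: a small Python triage script that parses a registry dump in RSIT's `[key]` / `"name"=value` layout and flags both kinds of finding. The WEAK_LOG excerpt is constructed from the posted log lines; HARDENED_LOG is a constructed comparison with the same keys at Windows 7 default values; the list of SafeBoot entries treated as expected (here only AFD) is an assumption the caller supplies, since a full baseline depends on the installed drivers and services.

```python
"""Triage checks over a registry dump in RSIT's layout ("[key]" header, then "name"=value lines).

Added example for this thread; it is not part of RSIT, MBAM or the posted logs.
The two excerpts below are constructed: WEAK_LOG copies the relevant lines of the
posted log, HARDENED_LOG shows the same keys at Windows 7 default values.
"""
import re
from typing import Dict, List, Sequence

RegistryDump = Dict[str, Dict[str, str]]

# Constructed from the posted RSIT registry dump: UAC policy values plus the SafeBoot keys.
WEAK_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"""

# Constructed comparison: the same keys with Windows 7 default values.
HARDENED_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=1
"PromptOnSecureDesktop"=1
"""

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SAFEBOOT_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\(.+)$",
    re.IGNORECASE,
)

# Policy values that switch UAC off or weaken it, with the reason each one matters.
UAC_WEAK = {
    "EnableLUA": ("0", "UAC is off; processes of an administrator account run fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently, without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are drawn on the normal desktop, where other software can reach them"),
}


def parse_registry_dump(text: str) -> RegistryDump:
    """Map each [key] header to the "name"=value pairs listed under it (empty dict for bare keys)."""
    keys: RegistryDump = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = value_match.group(2)
    return keys


def lookup(keys: RegistryDump, path: str) -> Dict[str, str]:
    """Registry paths are case-insensitive; the dump preserves whatever case the tool wrote."""
    for key, values in keys.items():
        if key.lower() == path.lower():
            return values
    return {}


def audit(keys: RegistryDump, expected_safeboot: Sequence[str] = ()) -> List[str]:
    """Return findings: weak UAC policy values, and SafeBoot entries missing from the expected list."""
    findings: List[str] = []
    policy = lookup(keys, POLICY_KEY)
    for name, (weak_value, why) in UAC_WEAK.items():
        if policy.get(name) == weak_value:
            findings.append(f"UAC: {name}={weak_value}: {why}")
    expected = {entry.lower() for entry in expected_safeboot}
    for key in keys:
        match = SAFEBOOT_RE.match(key)
        if match and match.group(2).lower() not in expected:
            findings.append(f"SafeBoot\\{match.group(1)}: unexpected entry '{match.group(2)}'")
    return findings


if __name__ == "__main__":
    for label, text in (("posted log", WEAK_LOG), ("Windows 7 defaults", HARDENED_LOG)):
        print(f"== {label} ==")
        for finding in audit(parse_registry_dump(text), expected_safeboot=("AFD",)):
            print(" ", finding)
```

Run against the posted excerpt it reports three UAC findings and both wxpdrivers keys; against the default-value excerpt it reports nothing. Matching on the SafeBoot key path rather than on a value is deliberate: a SafeBoot entry is just a subkey name, so a signature-free check can only say "not on the baseline", which is why the expected list has to come from a known-good machine of the same build.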

Re: FB - virus, request for help

Posted: 26 Jul 2011 20:06
by Rudy
Even though the finding doesn't match an FB virus, delete both detected items.

Re: FB - virus, request for help

Posted: 27 Jul 2011 22:12
by macik.cz
Hi, please, we deleted the detected infected files and the computer is still in the same state... how should I continue? :(

thanks a lot

Re: FB - virus, request for help

Posted: 28 Jul 2011 10:43
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware.

Re: FB - virus, request for help

Posted: 30 Jul 2011 15:27
by macik.cz
The log obtained:

thanks for the help

ComboFix 11-07-29.03 - monika 30.07.2011 16:12:38.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2926.2328 [GMT 2:00]
Running from: c:\users\monika\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new Restore Point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\iun6002.exe
c:\windows\proc_list1.log
c:\windows\SysWow64\muzapp.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 14:17 . 2011-07-30 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 18:22 . 2011-07-26 18:22 -------- d-----w- c:\users\monika\AppData\Roaming\Malwarebytes
2011-07-26 18:21 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 18:21 . 2011-07-26 18:21 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 18:21 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 18:21 . 2011-07-26 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 17:02 . 2011-07-26 17:02 -------- d-----w- c:\program files (x86)\trend micro
2011-07-26 17:02 . 2011-07-26 17:02 -------- d-----w- C:\rsit
2011-07-21 09:28 . 2007-06-21 22:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2011-07-21 09:28 . 2006-10-30 22:10 120992 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2011-07-21 09:28 . 2006-10-19 22:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2011-07-21 09:28 . 2006-10-19 22:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2011-07-21 09:28 . 2006-10-30 22:10 71840 ----a-w- c:\windows\SysWow64\EPPicMgr.dll
2011-07-21 09:28 . 2011-07-21 09:28 -------- d-----w- c:\programdata\Panasonic
2011-07-21 09:28 . 2011-07-21 09:28 -------- d-----w- c:\users\monika\AppData\Local\Panasonic
2011-07-21 07:26 . 2011-07-21 07:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-21 06:38 . 2006-08-25 12:36 39208 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2011-07-21 06:38 . 2007-06-15 10:57 59488 ----a-w- c:\windows\SysWow64\GenSvcInst.exe
2011-07-21 06:38 . 2007-06-15 10:57 145504 ----a-w- c:\windows\SysWow64\bgsvcgen.exe
2011-07-21 06:37 . 2011-07-21 06:38 -------- d-----w- c:\program files (x86)\Common Files\Panasonic
2011-07-21 06:37 . 2011-07-21 06:37 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-07-21 06:37 . 2011-07-21 06:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-21 06:37 . 2011-07-21 06:37 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-07-16 16:29 . 2011-07-16 16:29 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-07-16 16:29 . 2011-07-16 16:52 -------- d-----w- c:\users\monika\AppData\Local\Conduit
2011-07-16 16:28 . 2011-07-16 16:53 -------- d-----w- c:\users\monika\AppData\Roaming\uTorrent
2011-07-01 16:16 . 2011-07-01 16:16 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 16:16 . 2011-07-01 16:16 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 05:57 . 2011-07-14 06:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 11:42 . 2011-06-29 08:44 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 08:44 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:40 . 2011-06-29 08:44 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:39 . 2011-06-29 08:44 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 08:44 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-22 20:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-22 20:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-04 05:25 . 2011-06-29 08:44 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 08:44 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 08:44 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 08:44 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 08:44 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-06-29 08:44 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-06-29 08:44 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 08:44 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 08:44 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 08:44 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 08:44 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 08:44 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 08:44 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 08:44 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 08:44 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 08:44 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 08:44 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 08:44 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 05:29 . 2011-06-14 21:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-14 21:21 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-01 21:10 . 2011-05-01 21:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-01 21:10 . 2011-05-01 21:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-01 21:10 . 2011-05-01 21:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-01 21:10 . 2011-05-01 21:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-01 21:10 . 2011-05-01 21:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-01 21:10 . 2011-05-01 21:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-01 21:10 . 2011-05-01 21:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-01 21:10 . 2011-05-01 21:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-01 21:10 . 2011-05-01 21:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-01 21:10 . 2011-05-01 21:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-01 21:10 . 2011-05-01 21:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-01 21:10 . 2011-05-01 21:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-01 21:10 . 2011-05-01 21:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-01 21:10 . 2011-05-01 21:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-01 21:10 . 2011-05-01 21:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-01 21:10 . 2011-05-01 21:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-01 21:10 . 2011-05-01 21:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-01 21:10 . 2011-05-01 21:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-01 21:10 . 2011-05-01 21:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-01 21:10 . 2011-05-01 21:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-01 21:10 . 2011-05-01 21:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-01 21:10 . 2011-05-01 21:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-01 21:10 . 2011-05-01 21:10 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-01 21:10 . 2011-05-01 21:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-01 21:10 . 2011-05-01 21:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-01 21:10 . 2011-05-01 21:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-01 21:10 . 2011-05-01 21:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-01 21:10 . 2011-05-01 21:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-01 21:10 . 2011-05-01 21:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-01 21:10 . 2011-05-01 21:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-01 21:10 . 2011-05-01 21:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-01 21:10 . 2011-05-01 21:10 448512 ----a-w- c:\windows\system32\html.iec
2011-05-01 21:10 . 2011-05-01 21:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-01 21:10 . 2011-05-01 21:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-01 21:10 . 2011-05-01 21:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-01 21:10 . 2011-05-01 21:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-01 21:10 . 2011-05-01 21:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-01 21:10 . 2011-05-01 21:10 603648 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-08-27 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-8-27 12862]
PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-7-21 172544]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-27 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\665my98i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-30 16:20:01
ComboFix-quarantined-files.txt 2011-07-30 14:20
.
Před spuštěním: Volných bajtů: 76 081 348 608
Po spuštění: Volných bajtů: 76 134 940 672
.
- - End Of File - - EAC5DE7B7957D1AA2A2579B920A16868

Re: FB - virus, request for help

Posted: 30 Jul 2011 16:26
by Rudy
Several items were deleted, the rest of the log looks clean. Has anything changed?

Re: FB - virus, request for help

Posted: 30 Jul 2011 16:47
by macik.cz
Not at all, it's still the same :(

Re: FB - virus, request for help

Posted: 30 Jul 2011 16:55
by macik.cz
The computer is in safe mode immediately after startup. The help advises performing a restore... should I do it?
Thanks

Re: FB - virus, request for help

Posted: 30 Jul 2011 17:19
by Rudy
Yes, try a system restore to a date when it was working correctly.

Re: FB - virus, request for help

Posted: 31 Jul 2011 09:34
by macik.cz
I performed a system restore to a date 14 days before the virus was downloaded and the computer is still unchanged, in safe mode... :(

Re: FB - virus, request for help

Posted: 31 Jul 2011 10:37
by Rudy
Then there's nothing left but a system repair from the installation media. The virus (and it wasn't FB) probably damaged something in the system.

Re: FB - virus, request for help

Posted: 31 Jul 2011 20:42
by macik.cz
OK, thanks a lot anyway :)

Re: FB - virus, request for help

Posted: 31 Jul 2011 20:52
by Rudy
You're welcome!