VIRY.CZ

Ahoj, taky jsem "chytil" FB virus.
Prikladam log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by honzík at 2011-07-26 20:59:10
Microsoft Windows 7 Professional
System drive C: has 92 GB (63%) free of 148 GB
Total RAM: 3067 MB (64% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Users\honzík\AppData\Roaming\Mozilla\Firefox\Profiles\yeamjaot.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.76892]
"Description"=
"Path"=C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll

C:\Program Files\Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\honzík\AppData\Roaming\Mozilla\Firefox\Profiles\yeamjaot.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Trillian Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-06-13 2734688]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Trillian Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h []
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-14 1541416]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-04-16 536576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-28 13797920]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
"VitaKeyPdtWzd"=C:\Program Files\Acer Bio Protection\PdtWzd.exe [2009-09-05 3570176]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-06 7600672]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-24 1174016]
"tray_ico1"=C:\Windows\update.tray-5-0\svchost.exe [2011-07-24 1174016]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\Program Files\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"VIDC.XFR1"=xfcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2011-07-24 22:16:11 ----D---- C:\rsit
2011-07-24 22:16:11 ----D---- C:\Program Files\trend micro
2011-07-24 22:11:28 ----D---- C:\Windows\av_ico
2011-07-24 22:09:53 ----HD---- C:\Windows\update.1
2011-07-24 22:09:47 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-24 22:09:47 ----HD---- C:\Windows\update.tray-7-0
2011-07-24 22:09:47 ----HD---- C:\Windows\update.tray-5-0-lnk
2011-07-24 22:09:47 ----HD---- C:\Windows\update.tray-5-0
2011-07-24 21:58:18 ----A---- C:\Windows\winlog-ids.txt
2011-07-24 21:58:18 ----A---- C:\Windows\winlog-dirs.txt
2011-07-04 09:58:54 ----D---- C:\Program Files\Mozilla Firefox
2011-06-16 10:33:42 ----D---- C:\Windows\system32\RTCOM
2011-06-16 10:32:00 ----A---- C:\Windows\system32\drivers\RtkAcerM.dat
2011-06-16 10:31:58 ----A---- C:\Windows\system32\WavesLib.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\SRSWOW.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\SRSTSXT.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\SRSTSHD.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\SRSHP360.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\RtkPgExt.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\RtkCoInst.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\RtkApoApi.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\RtkAPO.dll
2011-06-16 10:31:58 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2011-06-16 10:31:57 ----A---- C:\Windows\system32\RP3DHT32.dll
2011-06-16 10:31:57 ----A---- C:\Windows\system32\RP3DAA32.dll
2011-06-16 10:31:57 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-06-16 10:31:57 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-06-16 10:31:57 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2011-06-16 10:31:57 ----A---- C:\Windows\system32\FMAPO.dll
2011-06-16 10:31:56 ----D---- C:\Program Files\Realtek
2011-06-16 10:31:56 ----A---- C:\Windows\system32\AERTARen.dll
2011-06-16 10:31:56 ----A---- C:\Windows\system32\AERTACap.dll
2011-06-16 10:31:53 ----A---- C:\Windows\RtlExUpd.dll
2011-06-01 20:27:40 ----SHD---- C:\Config.Msi
2011-06-01 10:53:48 ----D---- C:\Program Files\LogMeIn Hamachi
2011-05-19 16:22:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-05-19 15:35:36 ----D---- C:\ProgramData\Symantec
2011-05-19 15:35:27 ----D---- C:\ProgramData\Norton
2011-05-19 15:35:26 ----D---- C:\ProgramData\NortonInstaller

======List of files/folders modified in the last 3 months======

2011-07-26 20:59:04 ----D---- C:\Windows\Temp
2011-07-26 19:27:10 ----D---- C:\Windows\Prefetch
2011-07-26 18:57:20 ----D---- C:\Windows\System32
2011-07-26 18:57:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 18:57:18 ----D---- C:\Windows\inf
2011-07-26 18:25:12 ----D---- C:\Program Files\Firefox
2011-07-25 22:09:07 ----D---- C:\Windows\system32\config
2011-07-25 21:57:51 ----SHD---- C:\System Volume Information
2011-07-24 22:16:11 ----RD---- C:\Program Files
2011-07-24 22:11:28 ----D---- C:\Windows
2011-07-24 22:09:53 ----HD---- C:\ProgramData
2011-07-24 22:08:22 ----D---- C:\Users\honzík\AppData\Roaming\ICQ
2011-07-19 10:46:48 ----D---- C:\Users\honzík\AppData\Roaming\AIMP
2011-07-17 22:13:35 ----D---- C:\Users\honzík\AppData\Roaming\Skype
2011-07-17 22:13:16 ----D---- C:\Users\honzík\AppData\Roaming\skypePM
2011-07-17 17:59:27 ----D---- C:\Windows\system32\catroot2
2011-07-04 09:58:55 ----SHD---- C:\Windows\Installer
2011-06-16 12:52:06 ----D---- C:\Users\honzík\AppData\Roaming\BatteryBar
2011-06-16 10:33:42 ----D---- C:\Windows\system32\drivers
2011-06-16 10:32:14 ----HD---- C:\Program Files\Temp
2011-06-16 10:32:10 ----D---- C:\Windows\system32\catroot
2011-06-16 10:32:06 ----D---- C:\Windows\system32\DriverStore
2011-06-16 10:31:56 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-16 10:29:39 ----D---- C:\Windows\Tasks
2011-06-12 18:52:22 ----D---- C:\Windows\system32\NDF
2011-06-11 12:12:21 ----D---- C:\Windows\system32\wdi
2011-06-09 10:15:28 ----D---- C:\Program Files\Common Files\Steam
2011-06-08 16:56:44 ----D---- C:\Windows\system32\wfp
2011-06-08 16:56:44 ----D---- C:\Windows\system32\wbem
2011-06-08 16:56:43 ----D---- C:\Windows\AppCompat
2011-06-08 16:56:42 ----D---- C:\Users\honzík\AppData\Roaming\GHISLER
2011-06-08 16:56:40 ----D---- C:\Program Files\Common Files
2011-06-08 16:56:40 ----D---- C:\Program Files\Acer Bio Protection
2011-06-08 16:56:38 ----D---- C:\Windows\registration
2011-06-01 15:44:01 ----D---- C:\Windows\winsxs
2011-05-27 11:01:30 ----D---- C:\Windows\system32\Tasks
2011-05-27 10:57:03 ----D---- C:\Users\honzík\AppData\Roaming\vlc
2011-05-27 10:57:00 ----D---- C:\Users\honzík\AppData\Roaming\dvdcss
2011-05-18 20:19:02 ----D---- C:\Windows\system32\Macromed
2011-05-14 18:43:03 ----D---- C:\Program Files\ICQ7.4

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-15 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-11-10 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-11-10 29520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-11-10 74328]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-12 69632]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-08-05 659328]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 DynCal;Dynamic Calibration Service; C:\Windows\system32\drivers\Dyncal.sys [2005-09-26 8576]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-06 2657120]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-04-30 64032]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-14 212656]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aa9paj7z;aa9paj7z; C:\Windows\system32\drivers\aa9paj7z.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 XDva359;XDva359; \??\C:\Windows\system32\XDva359.sys []
S3 XDva361;XDva361; \??\C:\Windows\system32\XDva361.sys []
S3 XDva367;XDva367; \??\C:\Windows\system32\XDva367.sys []
S3 XDva380;XDva380; \??\C:\Windows\system32\XDva380.sys []
S3 XDva382;XDva382; \??\C:\Windows\system32\XDva382.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2009-08-05 1807608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IGBASVC;EgisTec Service; C:\Program Files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 211488]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-24 1174016]
R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2010-08-12 56040]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-11-15 85096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Zdravim a pekny vecer preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

RKILL log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 21:10:08.
Operating System: Windows 7 Professional

Processes terminated by Rkill or while it was running:

C:\Users\HONZK~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe

Rkill completed on 26.07.2011 at 21:10:13.

exehelper log

exeHelper by Raktor
Build 20100414
Run at 21:11:06 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

rogue volba 2

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: honzík [Admin rights]
Mode: Remove -- Date : 07/26/2011 21:12:31

Bad processes: 3
[SUSP PATH] PLFSetI.exe -- c:\windows\plfseti.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-5-0\svchost.exe -> KILLED

Registry Entries: 9
[SUSP PATH] HKLM\[...]\Run : PLFSetI (C:\Windows\PLFSetI.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (cache.sh.cvut.cz:3128) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:

Finished : << RKreport[1].txt >>
RKreport[1].txt

rogue volba 3
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: honzík [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 21:12:59

Bad processes: 0

HOSTS File:

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

rogue volba 4

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: honzík [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 21:13:14

Bad processes: 0

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (cache.sh.cvut.cz:3128) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Vyborne, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Spusil jsem combofix, akorat mam nyni docela problem - nelze spustit vubec zadnej program, pise mi ze ukazuje na polozku registru urcenou k odstraneni (nebo neco v tom smyslu, pisu ted z jineho pocitace).

Log z combofixu

ComboFix 11-07-26.03 - honzík 26.07.2011 21:25:15.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.1988 [GMT 2:00]
Spuštěný z: c:\users\honzÝk\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\windows\proc_list1.log
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.tray-5-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
c:\windows\system32\Drivers\atapi.sys . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:31 . 2011-07-26 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 20:16 . 2011-07-24 20:16 -------- d-----w- C:\rsit
2011-07-24 20:16 . 2011-07-24 20:16 -------- d-----w- c:\program files\trend micro
2011-07-24 20:11 . 2011-07-24 20:11 -------- d-----w- c:\windows\av_ico
2011-07-24 20:09 . 2011-07-26 19:31 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 20:09 . 2011-07-26 19:31 -------- d--h--w- c:\windows\update.tray-5-0
2011-07-24 20:09 . 2011-07-24 20:09 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 20:09 . 2011-07-24 20:09 -------- d--h--w- c:\windows\update.tray-5-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-16 536576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-15 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-11-10 128888]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-10 29520]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-05 1807608]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2010-08-11 56040]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-05 659328]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [2005-09-26 8576]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-04-30 64032]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\honzík\AppData\Roaming\Mozilla\Firefox\Profiles\yeamjaot.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-5-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe
AddRemove-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(592)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(2068)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\HONZK~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 21:37:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 19:37
.
Před spuštěním: Volných bajtů: 105 678 774 272
Po spuštění: Volných bajtů: 105 241 190 400
.
- - End Of File - - 0A7C99B731943B375F3182FC893B9207

Restartujte PC a melo by se dat do poradku...

Ja mezitim napisu docistovaci skript

Restart pomohl, uz muzu spoustet

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Restore::
c:\windows\system32\Drivers\atapi.sys

Folder::
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-5-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-5-0-lnk
c:\program files\Ask.com
c:\program files\XfireXO
c:\program files\ICQ6Toolbar
C:\Program Files\DAEMON Tools Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"PC Suite Tray"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Driver::
XDva359
XDva361
XDva367
XDva380
XDva382
ICQ Service

DDS::
uStart Page = hxxp://start.icq.com/

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Combofix log

ComboFix 11-07-26.03 - honzík 26.07.2011 21:58:41.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2311 [GMT 2:00]
Spuštěný z: c:\users\honzÝk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\honzÝk\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 20:05 . 2011-07-26 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 20:16 . 2011-07-24 20:16 -------- d-----w- C:\rsit
2011-07-24 20:16 . 2011-07-24 20:16 -------- d-----w- c:\program files\trend micro
2011-07-24 20:11 . 2011-07-24 20:11 -------- d-----w- c:\windows\av_ico
2011-07-24 20:09 . 2011-07-26 19:31 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 20:09 . 2011-07-26 19:31 -------- d--h--w- c:\windows\update.tray-5-0
2011-07-24 20:09 . 2011-07-24 20:09 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 20:09 . 2011-07-24 20:09 -------- d--h--w- c:\windows\update.tray-5-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-16 536576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-15 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-11-10 128888]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-10 29520]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-05 1807608]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2010-08-11 56040]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-05 659328]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [2005-09-26 8576]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-04-30 64032]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\honzík\AppData\Roaming\Mozilla\Firefox\Profiles\yeamjaot.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
Celkový čas: 2011-07-26 22:06:59
ComboFix-quarantined-files.txt 2011-07-26 20:06
ComboFix2.txt 2011-07-26 19:37
.
Před spuštěním: Volných bajtů: 105 341 583 360
Po spuštění: Volných bajtů: 105 282 703 360
.
- - End Of File - - E8D73AAC33B7386B8056484A18E0EA63

Nejak se nam nic neprovedlo

Zkusime to jinak

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\Drivers\atapi.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"PC Suite Tray"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

:services
XDva359
XDva361
XDva367
XDva380
XDva382
ICQ Service

:files
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-5-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-5-0-lnk
c:\program files\Ask.com
c:\program files\XfireXO
c:\program files\ICQ6Toolbar
C:\Program Files\DAEMON Tools Toolbar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

OTM pri praci prestal pracovat a musel byt ukoncenej... Mam spustit stejny skript znovu?

Opakujte postup v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

V nouzovem rezimu se opet seknul...

VirusTotal:

http://www.virustotal.com/file-scan/rep ... 1311710699

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"PC Suite Tray"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Soubor ulozte jako oprava.reg
Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
Zavrit notepad
Presunte soubor oprava.reg primo na disk c:\ tak aby nebyl v zadne slozce

Stahnete Avenger (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Folders to delete:
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-5-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-5-0-lnk
c:\program files\Ask.com
c:\program files\XfireXO
c:\program files\ICQ6Toolbar
C:\Program Files\DAEMON Tools Toolbar

Drivers to delete:
XDva359
XDva361
XDva367
XDva380
XDva382
ICQ Service

Programs to launch on reboot:
c:\oprava.reg

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\av_ico" deleted successfully.
Folder "c:\windows\update.tray-7-0" deleted successfully.
Folder "c:\windows\update.tray-5-0" deleted successfully.
Folder "c:\windows\update.tray-7-0-lnk" deleted successfully.
Folder "c:\windows\update.tray-5-0-lnk" deleted successfully.
Folder "c:\program files\Ask.com" deleted successfully.
Folder "c:\program files\XfireXO" deleted successfully.
Folder "c:\program files\ICQ6Toolbar" deleted successfully.
Folder "C:\Program Files\DAEMON Tools Toolbar" deleted successfully.
Driver "XDva359" deleted successfully.
Driver "XDva361" deleted successfully.
Driver "XDva367" deleted successfully.
Driver "XDva380" deleted successfully.
Driver "XDva382" deleted successfully.
Driver "ICQ Service" deleted successfully.
Program "c:\oprava.reg" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.

VIRY.CZ

Facebook virus :)

Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)

Re: Facebook virus :)