Please check my ComboFix log

Posted: 05 Aug 2011 20:24
by roger8
ComboFix 11-08-05.01 - Roger 05.08.2011 19:09:10.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2048.1141 [GMT 2:00]
Spuštěný z: c:\users\Roger\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-05 do 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 17:32 . 2011-08-05 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 13:39 . 2011-08-04 13:39 -------- d-----w- c:\programdata\!SASCORE
2011-07-26 08:03 . 2011-07-26 08:03 -------- d-----w- c:\programdata\Nero
2011-07-26 08:03 . 2011-07-26 08:07 -------- d-----w- c:\program files\Common Files\Ahead
2011-07-26 08:03 . 2011-07-26 08:03 -------- d-----w- c:\program files\Nero
2011-07-25 12:22 . 2011-07-25 12:22 -------- d-----w- c:\program files\Wanadoo Edition
2011-07-25 10:15 . 2011-07-25 10:17 -------- d-----w- c:\program files\ICQ7.5
2011-07-25 09:41 . 2011-07-25 09:40 737280 ----a-w- c:\windows\iun6002.exe
2011-07-25 09:41 . 2011-07-25 09:41 -------- d-----w- c:\program files\Codec Pack - All In 1
2011-07-25 09:14 . 2011-07-25 09:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-25 08:59 . 2011-07-25 08:59 -------- d-----w- c:\program files\Adobe Media Player
2011-07-25 08:56 . 2011-07-25 08:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-07-23 16:35 . 2011-07-25 12:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-07-23 16:35 . 2011-07-25 08:22 -------- d-----w- c:\program files\ArcSoft
2011-07-23 15:55 . 2011-07-23 15:55 -------- d-sh--we c:\windows\system32\config\systemprofile\Soubory cookie
2011-07-23 15:55 . 2011-07-23 15:55 -------- d-sh--we c:\windows\system32\config\systemprofile\Data aplikací
2011-07-23 15:55 . 2011-07-25 08:26 -------- d-----w- c:\programdata\ArcSoft
2011-07-23 15:53 . 2011-07-25 08:23 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-07-23 15:53 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-07-23 15:52 . 2011-07-25 12:19 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-23 15:20 . 2011-07-23 15:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-23 15:19 . 2011-08-04 13:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-23 15:10 . 2009-06-22 16:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-07-23 09:40 . 2011-07-23 09:40 -------- d-----w- c:\program files\Webteh
2011-07-23 09:36 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-07-23 09:36 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-07-23 09:31 . 2011-07-23 09:31 -------- d-----w- c:\program files\Microsoft Works
2011-07-23 09:27 . 2011-07-23 09:27 -------- d-----w- c:\windows\PCHEALTH
2011-07-23 09:22 . 2011-07-23 09:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-07-23 09:21 . 2011-07-23 09:37 -------- d-----w- c:\programdata\Microsoft Help
2011-07-23 09:19 . 2011-07-23 09:19 -------- d-----r- C:\MSOCache
2011-07-23 09:15 . 2011-07-23 09:15 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-23 09:15 . 2011-07-23 09:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-23 09:15 . 2011-07-23 09:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-23 09:14 . 2011-07-24 09:29 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-22 14:59 . 2011-07-18 10:32 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-07-22 14:59 . 2011-07-18 10:32 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-07-22 14:59 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-22 14:58 . 2011-07-22 14:58 -------- d-----w- c:\program files\Softland
2011-07-22 14:56 . 2011-07-25 09:02 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-07-21 16:50 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-07-21 16:50 . 2011-07-21 16:50 -------- d-----w- C:\totalcmd
2011-07-21 16:48 . 2011-07-21 16:48 -------- d-----w- c:\program files\PSPad editor
2011-07-21 16:42 . 2011-07-21 16:42 -------- d-----w- c:\program files\NETGATE
2011-07-21 16:34 . 2011-07-21 16:35 -------- d-----r- c:\program files\Skype
2011-07-21 16:34 . 2011-07-21 16:34 -------- d-----w- c:\programdata\Skype
2011-07-21 16:15 . 2011-07-21 16:15 -------- d-----w- c:\programdata\ESTsoft
2011-07-21 16:15 . 2011-07-21 16:15 -------- d-----w- c:\program files\ESTsoft
2011-07-21 16:08 . 2011-07-21 16:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 16:08 . 2011-07-21 16:08 -------- d-----w- c:\windows\system32\Macromed
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-21 16:06 . 2011-07-21 16:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-07-21 16:05 . 2011-07-21 16:06 -------- d-----w- c:\program files\QuickTime
2011-07-21 16:05 . 2011-07-21 16:05 -------- d-----w- c:\programdata\Apple Computer
2011-07-21 16:02 . 2011-07-21 16:02 -------- d-----w- c:\program files\Common Files\Apple
2011-07-21 16:01 . 2011-07-21 16:01 -------- d-----w- c:\program files\Apple Software Update
2011-07-21 16:01 . 2011-07-21 16:01 -------- d-----w- c:\programdata\Apple
2011-07-21 15:02 . 2011-07-21 15:02 -------- d-----w- c:\programdata\NVIDIA
2011-07-21 14:56 . 2011-07-21 14:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-07-21 14:56 . 2011-07-21 14:57 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-21 14:13 . 2011-07-21 14:13 -------- d-----w- c:\windows\system32\SPReview
2011-07-21 14:11 . 2011-07-21 14:11 -------- d-----w- c:\windows\system32\EventProviders
2011-07-21 14:03 . 2010-11-20 12:32 5066752 ----a-w- c:\windows\system32\AuthFWSnapin.dll
2011-07-21 14:02 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2011-07-21 14:01 . 2010-11-20 12:19 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-07-21 14:00 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-07-21 14:00 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-21 14:00 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-07-21 12:36 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-07-21 12:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-07-21 12:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-21 08:56 . 2011-07-20 23:10 -------- d-----w- c:\windows\Panther
2011-07-21 08:55 . 2011-07-21 14:49 -------- d-----w- C:\Boot
2011-07-21 08:55 . 2011-07-21 08:55 -------- d-----w- c:\windows\system32\OEM
2011-07-21 08:12 . 2011-07-21 08:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-21 08:12 . 2011-07-21 08:26 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-21 08:12 . 2011-07-21 08:12 -------- d-----w- c:\programdata\Avira
2011-07-21 08:12 . 2011-07-21 08:12 -------- d-----w- c:\program files\Avira
2011-07-21 07:40 . 2011-07-23 09:27 -------- d-----w- c:\program files\Microsoft.NET
2011-07-21 07:40 . 2011-07-30 15:34 -------- d-sh--w- c:\windows\Installer
2011-07-21 00:21 . 2011-07-21 00:21 -------- d-----w- c:\windows\system32\Wat
2011-07-20 23:44 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-20 23:41 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-20 23:38 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-07-20 23:37 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-07-20 23:37 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-07-20 23:37 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-20 23:37 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-07-20 23:37 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-20 23:37 . 2010-11-20 12:18 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-20 23:37 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-20 23:37 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-20 23:37 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-20 23:30 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{381E4DD0-76CF-4367-B5CE-BC6CDD0591BF}\mpengine.dll
2011-07-20 23:30 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-20 23:21 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-20 23:21 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-20 23:21 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-20 23:21 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-20 23:19 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-07-20 23:19 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-07-20 23:19 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-07-20 23:12 . 2011-07-20 23:12 -------- d-----w- c:\users\Roger
2011-07-20 23:10 . 2011-08-05 17:04 -------- d-----w- c:\windows\system32\wbem\Performance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 14:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-21 09:17 . 2011-07-21 09:17 203776 ----a-w- c:\windows\system32\webcheck.dll
2011-06-16 04:30 . 2011-07-21 00:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-04 4599680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-21 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-23 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-04 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-04 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-04 123264]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-12-01 1141888]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674607063-3798242019-837177424-1000Core.job
- c:\users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 00:17]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674607063-3798242019-837177424-1000UA.job
- c:\users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 00:17]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\1vymqyra.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-05 19:41:41
ComboFix-quarantined-files.txt 2011-08-05 17:41
.
Před spuštěním: Volných bajtů: 131 664 293 888
Po spuštění: Volných bajtů: 132 848 685 056
.
- - End Of File - - 50CCC51B072F01F063533CF768A9C35F

Re: Please check my ComboFix log

Posted: 05 Aug 2011 21:50
by Roli
Hello, are you aware that ComboFix is not a child's toy that you can play with whenever you feel like it :???:


If you have not done so already, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

Image

After it has been applied, another log will pop out for you; copy it here

Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot,

in that case restart again while pressing F8 repeatedly, then choose Last Known Good Configuration