VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola logu prosím

https://forum.viry.cz:443/viewtopic.php?t=116322

Stránka 1 z 1

Kontrola logu prosím

Napsal: 24 říj 2011 16:06
od Berry27
Zdravím může te mě překontrolovat log ? měl jsem v PC nakou havět možná ještě mám

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Destiny at 16:52:30 on 2011-10-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.899 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\sponsorkeyword\sponsorkeyword.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.qip.ru
uStart Page = hxxp://kr.yahoo.com/ilc101
uDefault_Page_URL = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://search.qip.ru/ie
uSearchAssistant = hxxp://search.qip.ru/ie
uURLSearchHooks: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - c:\users\destiny\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyAs.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
mURLSearchHooks: H - No File
mURLSearchHooks: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyAs.dll
uWinlogon: Shell=explorer.exe,c:\users\destiny\appdata\roaming\ohydy.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: QipLI Class: {6b5863a0-c43f-4c0a-982b-cc0e9125783f} - c:\users\destiny\appdata\roaming\microsoft\internet explorer\qstatsrv.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyAs.dll
BHO: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - c:\users\destiny\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
BHO: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyAs.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [sponsorkeyword] c:\program files\sponsorkeyword\sponsorkeyword.exe
uRun: [HKCU] c:\users\destiny\appdata\roaming\explorer\svchost.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [reset] regedit /s reset.reg
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{CE5DC67A-E697-486A-9A9F-CF7BCFFCBECD} : DhcpNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\components\RadioWMPCore.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\destiny\appdata\roaming\mozilla\firefox\profiles\4ym3zqdm.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Free Lunch Design TB Community Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - %profile%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: MyAshampoo Community Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-10-24 14:49:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c173860-ed3b-4a35-abb3-3f54c0e30c46}\offreg.dll
2011-10-23 17:12:59 -------- d-sh--w- C:\driver
2011-10-23 14:09:07 -------- d-----w- c:\programdata\Test Drive Unlimited
2011-10-18 04:31:16 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c173860-ed3b-4a35-abb3-3f54c0e30c46}\mpengine.dll
2011-10-08 15:01:40 -------- d-----w- c:\program files\Procházky za měsíčního svitu
2011-10-08 09:35:54 -------- d-----w- c:\program files\sponsorkeyword
2011-10-08 09:35:50 -------- d-----w- c:\program files\CodiGirls KM
2011-09-30 14:59:22 -------- d-----w- c:\users\destiny\appdata\roaming\ultrastardx
2011-09-30 14:59:22 -------- d-----w- c:\program files\UltraStar Deluxe
2011-09-30 14:53:07 -------- d-----w- c:\users\destiny\zaloha
2011-09-30 11:42:33 -------- d-----w- c:\program files\MyAshampoo
2011-09-30 11:38:21 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-09-30 11:38:21 77824 ----a-w- c:\windows\system32\xvid.ax
2011-09-30 11:38:21 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-09-30 11:38:20 -------- d-----w- c:\program files\Xvid
2011-09-30 08:43:21 -------- d-----w- c:\program files\UltraStar
2011-09-30 08:31:43 737280 ----a-w- c:\windows\iun6002.exe
2011-09-30 08:28:37 -------- d-----w- c:\programdata\Recisio
2011-09-30 08:28:37 -------- d-----w- c:\program files\KaraFun
2011-09-25 15:27:26 -------- d-----w- c:\users\destiny\appdata\roaming\Aegisub
2011-09-25 15:23:37 -------- d-----w- c:\program files\Aegisub
2011-09-25 11:25:37 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-09-25 07:22:24 -------- d-----w- c:\program files\URUSoft
2011-09-24 15:03:30 -------- d-----w- c:\users\destiny\appdata\roaming\BSplayer PRO
2011-09-24 15:03:29 -------- d-----w- c:\program files\Webteh
.
==================== Find3M ====================
.
2011-08-22 13:35:18 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-22 13:35:18 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-22 13:20:56 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-22 13:19:57 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-03 01:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 16:54:41,13 ===============

Re: Kontrola logu prosím

Napsal: 24 říj 2011 17:46
od Rudy
Také zdravím!
Poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Kontrola logu prosím

Napsal: 25 říj 2011 11:55
od Berry27
tak tady je log z ComboFixu a děkuju

ComboFix 11-10-24.05 - Destiny 25.10.2011 12:41:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1004 [GMT 2:00]
Spuštěný z: c:\users\Destiny\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\sponsorkeyword
c:\program files\sponsorkeyword\sponsorkeyword.exe
c:\program files\sponsorkeyword\sponsorkeyword_uninstall.exe
c:\users\Destiny\AppData\Roaming\Destinylog.dat
c:\users\Destiny\AppData\Roaming\explorer
c:\users\Destiny\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-25 do 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 10:51 . 2011-10-25 10:51 -------- d-----w- c:\users\Destiny\AppData\Local\temp
2011-10-25 10:51 . 2011-10-25 10:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-25 10:51 . 2011-10-25 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 04:47 . 2011-10-25 04:47 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C173860-ED3B-4A35-ABB3-3F54C0E30C46}\offreg.dll
2011-10-24 15:00 . 2011-10-24 15:00 -------- d-----w- C:\rsit
2011-10-24 15:00 . 2011-10-24 15:00 -------- d-----w- c:\program files\trend micro
2011-10-23 17:12 . 2011-10-23 17:13 -------- d-----w- C:\driver
2011-10-23 14:09 . 2011-10-23 14:25 -------- d-----w- c:\programdata\Test Drive Unlimited
2011-10-18 04:31 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C173860-ED3B-4A35-ABB3-3F54C0E30C46}\mpengine.dll
2011-10-08 15:01 . 2011-10-08 15:03 -------- d-----w- c:\program files\Procházky za měsíčního svitu
2011-10-08 09:35 . 2011-10-08 09:35 -------- d-----w- c:\program files\CodiGirls KM
2011-09-30 14:59 . 2011-10-01 18:19 -------- d-----w- c:\users\Destiny\AppData\Roaming\ultrastardx
2011-09-30 14:59 . 2011-09-30 14:59 -------- d-----w- c:\program files\UltraStar Deluxe
2011-09-30 14:53 . 2011-09-30 15:00 -------- d-----w- c:\users\Destiny\zaloha
2011-09-30 11:42 . 2011-09-30 11:42 -------- d-----w- c:\program files\MyAshampoo
2011-09-30 11:38 . 2008-12-13 18:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-09-30 11:38 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-09-30 11:38 . 2008-12-04 19:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-09-30 11:38 . 2011-09-30 11:38 -------- d-----w- c:\program files\Xvid
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\program files\UltraStar
2011-09-30 08:28 . 2011-09-30 08:28 -------- d-----w- c:\program files\KaraFun
2011-09-30 08:28 . 2011-09-30 08:28 -------- d-----w- c:\programdata\Recisio
2011-09-25 15:27 . 2011-09-27 14:48 -------- d-----w- c:\users\Destiny\AppData\Roaming\Aegisub
2011-09-25 15:23 . 2011-09-25 15:23 -------- d-----w- c:\program files\Aegisub
2011-09-25 11:25 . 2011-09-25 11:25 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 13:35 . 2010-03-26 22:00 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-22 13:35 . 2010-03-26 20:54 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-22 13:20 . 2010-03-26 20:54 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-22 13:19 . 2010-03-26 20:54 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-03 11:50 . 2011-09-24 14:33 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:50 . 2011-09-24 14:33 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:50 . 2011-09-24 14:33 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-24 14:33 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-24 14:33 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-24 14:33 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-24 14:33 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-24 14:33 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-03 11:50 . 2011-09-24 14:33 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-04-07 20:45 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:50 . 2011-04-07 20:45 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-04-07 20:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-07 20:44 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-04-07 20:44 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2010-10-16 10:42 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2010-08-27 22:16 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 . 2010-08-27 22:16 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2010-08-27 22:16 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{a5ae8924-4036-420f-b7f6-a47e4b8f692e}"= "c:\program files\Free_Lunch_Design_TB\prxtbFree.dll" [2011-01-17 175912]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 15:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Free_Lunch_Design_TB\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{a5ae8924-4036-420f-b7f6-a47e4b8f692e}"= "c:\program files\Free_Lunch_Design_TB\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{A5AE8924-4036-420F-B7F6-A47E4B8F692E}"= "c:\program files\Free_Lunch_Design_TB\prxtbFree.dll" [2011-01-17 175912]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-27 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"QIP Internet Guardian"=c:\users\Destiny\AppData\Roaming\QipGuard\QipGuard.exe
"Infium"="c:\program files\QIP 2010\qip.exe" /autorun
"NCsoft Launcher"=c:\program files\NCSoft\Launcher\NCLauncher.exe /Minimized
"HKCU"=c:\users\Destiny\AppData\Roaming\explorer\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
R3 cpuz130;cpuz130;c:\users\Destiny\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-27 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-09 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-09 96896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-10 139368]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-24 13225]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-23 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 19:58]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 19:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://kr.yahoo.com/ilc101
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\4ym3zqdm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Free Lunch Design TB Community Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - %profile%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: MyAshampoo Community Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-sponsorkeyword - c:\program files\sponsorkeyword\sponsorkeyword_uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.'*.]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.'*.\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€r*Ż@Clestib]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€r*Ż@Clestib\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*.'*.]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,44,65,73,74,69,6e,79,5c,44,65,73,6b,74,6f,
70,5c,4b,41,42,45,4c,4f,56,4b,41,20,43,5a,20,53,4b,20,52,55,53,20,45,4e,47,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€r*Ż@Clestib]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,44,65,73,74,69,6e,79,5c,41,6e,69,6d,65,5c,
42,6c,65,61,63,68,5c,32,39,32,00,42,00,6c,00,65,00,f9,5a,ec,7d,2e,00,00,80,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a1,1f,b5,cf,19,ba,35,b9,95,87,5e,9a,44,20,a3,a4,0c,4f,fd,e9,08,01,84,
46,d2,90,e6,01,d5,60,82,1b,50,25,40,68,66,f5,a0,39,3e,a1,70,77,7f,4a,80,29,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\SecuROM\License information*]
"datasecu"=hex:7b,47,6a,c2,00,76,09,8c,ff,1a,e9,e8,bc,12,75,2e,ba,39,b7,cc,0c,
4d,4b,2d,cc,48,24,c7,d7,c0,0d,7b,d0,e7,35,b9,19,0c,62,d3,c4,9e,7c,ed,0d,e9,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\.eml\shellex]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.nws\shellex]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-10-25 12:53:50
ComboFix-quarantined-files.txt 2011-10-25 10:53
.
Před spuštěním: Volných bajtů: 56 058 257 408
Po spuštění: Volných bajtů: 60 032 684 032
.
- - End Of File - - E72E31441292AE0920700DA5C55D2EC9

Re: Kontrola logu prosím

Napsal: 25 říj 2011 18:40
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Firefox::
FF - ProfilePath - c:\users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\4ym3zqdm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24750 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Free Lunch Design TB Community Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - %profile%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: MyAshampoo Community Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

RegLockDel::
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*.'*.\OpenWithList]
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€r*Ż@Clestib]
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€r*Ż@Clestib\OpenWithList]
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€r*Ż@Clestib\OpenWithList]
[HKEY_USERS\S-1-5-21-1861966806-1999747004-3710373097-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€r*Ż@Clestib]
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Kontrola logu prosím

Napsal: 26 říj 2011 11:31
od Berry27
Děkuji za pomoc :)

Re: Kontrola logu prosím

Napsal: 26 říj 2011 17:09
od Rudy
Rád bych viděl log CF po posledním skenu.

Re: Kontrola logu prosím

Napsal: 27 říj 2011 13:25
od Berry27
jasně jen to ma moc znaku tak to dam odkazem..
http://berry.hys.cz/ostatni/log.txt

Re: Kontrola logu prosím

Napsal: 27 říj 2011 16:34
od Rudy
Pod "Ostatní výmazy" najdete smazané infikované položky. Zbytek logu vypadá čistý.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz