
Hello, please check my log

Posted: 03 Nov 2011 01:45
by otee
ComboFix 11-11-02.03 - Kubwais 03.11.2011 1:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.1687 [GMT 1:00]
Spuštěný z: c:\users\Kubwais\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\CF22841.exe
c:\windows\Temp\4963878.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 00:27 . 2011-11-03 00:27 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-11-03 00:27 . 2011-11-03 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 23:53 . 2011-11-02 23:53 8704 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2011-11-02 23:45 . 2011-11-02 23:45 -------- d--h--w- c:\windows\update.tray-7-0
2011-11-02 23:45 . 2011-11-02 23:45 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-11-02 23:42 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-02 23:42 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-02 23:42 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-02 23:42 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-02 23:42 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-02 23:42 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-02 23:42 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-02 23:40 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-02 23:40 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-02 23:23 . 2011-11-02 23:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-02 22:20 . 2011-11-02 22:20 -------- d-----w- c:\users\Kubwais\AppData\Roaming\URSoft
2011-11-02 22:20 . 2011-11-02 23:22 -------- d-----w- c:\program files (x86)\Your Uninstaller 2010
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- c:\program files\trend micro
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- C:\rsit
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\users\Kubwais\AppData\Roaming\SUPERAntiSpyware.com
2011-10-30 11:13 . 2011-10-30 11:13 -------- d-----w- C:\ATI
2011-10-30 11:06 . 2011-11-02 23:53 -------- d-----w- c:\windows\ufa
2011-10-30 11:05 . 2011-11-02 23:53 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 11:01 . 2011-11-02 22:50 -------- d--h--w- c:\windows\update.tray-2-0
2011-10-30 11:01 . 2011-11-02 22:50 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-10-28 14:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F79807-52E9-49BD-B55E-57AA4FBAD39A}\mpengine.dll
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\programdata\Sony Corporation
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\program files (x86)\Sony
2011-10-24 21:06 . 2011-10-26 18:19 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 21:06 . 2011-10-26 18:19 88 --sh--r- c:\programdata\615E8FABC3.sys
2011-10-24 21:01 . 2011-10-24 21:01 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Corel
2011-10-24 02:25 . 2011-10-24 02:25 -------- d-----w- c:\windows\system32\Macromed
2011-10-23 21:09 . 2011-10-23 21:15 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-19 17:44 . 2011-11-02 23:24 -------- d-----w- c:\users\Kubwais\AppData\Local\Facebook
2011-10-13 19:10 . 2011-10-13 19:21 -------- d-----w- c:\users\Kubwais\AppData\Local\Seznam.cz
2011-10-13 19:08 . 2011-10-13 19:09 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Local\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Roaming\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\programdata\Babylon
2011-10-13 18:27 . 2011-10-13 19:51 -------- d-----w- c:\program files\Expresso
2011-10-12 11:32 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 11:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 11:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 11:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 11:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 11:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 23:09 . 2011-05-13 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-05-26 15:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-24 19:19 . 2011-08-24 19:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 19:18 . 2011-08-24 19:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-24 19:17 . 2011-08-24 19:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\toolbar\toolbar.dll" [2011-09-27 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-23 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-03 2430]
"Facebook Update"="c:\users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"tray_ico0"="c:\windows\update.tray-2-0\svchost.exe" [2011-10-30 1109504]
"tray_ico1"="c:\windows\update.tray-7-0\svchost.exe" [2011-10-30 1109504]
.
c:\users\Kubwais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files (x86)\Secunia\PSI\psi.exe [2010-7-21 965176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-29 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000Core.job
- c:\users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 17:44]
.
2011-10-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000UA.job
- c:\users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 17:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"combofix"="c:\combofix\CF28334.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\Kubwais\AppData\Local\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.10.0.10 192.168.0.1
FF - ProfilePath - c:\users\Kubwais\AppData\Roaming\Mozilla\Firefox\Profiles\pyy768of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aacc2ea500000000000000238b80fb94&tlver=1.4.35.10&affID=100815
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
SafeBoot-wxpdrivers
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-11-03 01:35:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-03 00:35
.
Před spuštěním: Volných bajtů: 20 791 693 312
Po spuštění: Volných bajtů: 20 565 512 192
.
- - End Of File - - F487C144BC470BEE9BE569FDAB433167

Re: Hello, please check my log

Posted: 03 Nov 2011 06:18
by cernohous13
Hi,
in the rules you would have read that we start with an RSIT log, and in the recommendations of the advisers here that ComboFix is used only when they tell you to. :roll:

I don't need RSIT any more - you have the FBvirus, so carry on
:arrow: download and run http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
choose option 2 - copy the log it creates here

repeat with options 3 and 4 (give me the logs)
:arrow: Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab "Update" > Check for Updates
then on the 1st tab "Scanner" -> Perform full scan -> Scan
when it finishes -> Show Results -> check that everything is ticked -> Remove Selected
a log will pop up containing entries of this type:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one :)
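
The two indicators the adviser is reacting to in the ComboFix log above are svchost.exe copies living outside the Windows system directories (c:\windows\update.tray-2-0\svchost.exe and friends) and a HOSTS file that pins every facebook.com locale to 127.0.0.1. The script below is an added triage example, not code from the thread or from any of the tools mentioned; it runs the same two heuristics over log lines. The sample lines are constructed from the logs in this thread, except the DHCP service line, which is a constructed legitimate entry added for contrast; the list of directories treated as legitimate for svchost.exe is an assumption for a default 64-bit Windows install.

```python
"""Triage two indicators seen in this thread over ComboFix/RogueKiller-style
log lines: svchost.exe outside the system directories, and HOSTS entries that
pin a watched domain to loopback. Added example; sample data is constructed."""
import re
from typing import Dict, List, Tuple

# Assumption: on a default 64-bit install a real svchost.exe lives only here.
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Any drive-letter path ending in svchost.exe; non-greedy, cannot cross a quote.
SVCHOST_PATH = re.compile(r'(?i)([a-z]:\\[^"\r\n]*?svchost\.exe)')

# "<ip> <hostname>" as written in a HOSTS file (comments are stripped first).
HOSTS_LINE = re.compile(r'^\s*(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)')
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def suspicious_svchost(line: str) -> Tuple[bool, str]:
    """Return (flagged, path). Flagged when the line references an svchost.exe
    whose directory is not one of LEGIT_SVCHOST_DIRS (case-insensitive)."""
    for match in SVCHOST_PATH.finditer(line):
        path = match.group(1)
        folder, _, _ = path.lower().rpartition("\\")
        if folder not in LEGIT_SVCHOST_DIRS:
            return True, path
    return False, ""


def hijacked_hosts(lines: List[str], domains=("facebook.com",)) -> List[str]:
    """Return hostnames that the HOSTS lines pin to a loopback address and that
    belong to one of the watched domains. 'localhost' is expected and skipped."""
    hits = []
    for raw in lines:
        line = raw.split("#", 1)[0]
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        host = m.group("host").lower()
        watched = any(host == d or host.endswith("." + d) for d in domains)
        if m.group("ip") in LOOPBACK and watched:
            hits.append(host)
    return hits


def triage(run_lines: List[str], hosts_lines: List[str]) -> Dict[str, List[str]]:
    """Run both heuristics and collect what they flag."""
    rogue = [path for line in run_lines for ok, path in [suspicious_svchost(line)] if ok]
    return {"rogue_svchost": rogue, "hijacked_hosts": hijacked_hosts(hosts_lines)}


# Constructed sample input, copied from the ComboFix log in this thread plus one
# constructed legitimate DHCP service line (not in the thread) as a control.
SAMPLE_RUN_LINES = [
    r'"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]',
    r'"tray_ico0"="c:\windows\update.tray-2-0\svchost.exe" [2011-10-30 1109504]',
    r'"tray_ico1"="c:\windows\update.tray-7-0\svchost.exe" [2011-10-30 1109504]',
    r'R2 Dhcp;DHCP Client;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted',
]

# Constructed sample HOSTS content, copied from the RogueKiller log in this thread.
SAMPLE_HOSTS = [
    "127.0.0.1 localhost",
    "127.0.0.1 af-za.facebook.com",
    "127.0.0.1 cs-cz.facebook.com   # redirected locale",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_RUN_LINES, SAMPLE_HOSTS).items():
        print(key)
        for item in value:
            print("  ", item)
```

The path heuristic is the same one RogueKiller reports as [SVCHOST] in the log further down the thread; feeding it the whole ComboFix output line by line is enough, since the regex ignores lines that mention no svchost.exe at all.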

Re: Hello, please check my log

Posted: 04 Nov 2011 13:53
by otee
Hello, I apologise for not following the procedure. I'll do better. For now, here is the first log:

RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kubwais [Admin rights]
Mode: Remove -- Date : 11/04/2011 13:29:14

Bad processes: 14
[SVCHOST] svchost.exe -- C:\Windows\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.tray-7-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- C:\Windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED

Registry Entries: 11
[SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000UA.job : C:\Users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000Core.job : C:\Users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000Core.job : C:\Users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-179869348-808994521-3457015576-1000UA.job : C:\Users\Kubwais\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
127.0.0.1 fr-fr.facebook.com
127.0.0.1 fy-nl.facebook.com
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Re: Hello, please check my log

Posted: 04 Nov 2011 15:15
by otee
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8083

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4.11.2011 15:13:35
mbam-log-2011-11-04 (15-13-35).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 342670
Uplynulý čas: 39 minut, 48 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 10
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 48

Infikované procesy v paměti:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 5340 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4891328.exe (Trojan.Agent) -> Value: 4891328.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6295650.exe (Trojan.Agent) -> Value: 6295650.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\222531.exe (Trojan.Dropper.H) -> Value: 222531.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9222725.exe (Trojan.Agent) -> Value: 9222725.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kubwais\AppData\Local\Temp\4891328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\6295650.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\222531.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
c:\Users\Kubwais\AppData\Local\Temp\9222725.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\install\windows loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.2\svchost.exe.vir (Trojan.Dropper.H) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.5.0\svchost.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Kubwais\Desktop\rk_quarantine\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kubwais\Desktop\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\53020141\X (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\53020141\X (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\333_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\temp\5236062.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\update.tray-2-0-lnk\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\install\cyberlink.powerdvd.ultra.v8.0.1730 cz\keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\install\tuneup.utilities.2010.v9.0.2020.2.incl.keymaker\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\install\tuneup.utilities.2010.v9.0.2020.2.incl.keymaker\keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
d:\install\zoner photo studio 11.0.1.3\Crack\zoner.photo.studio.v11.0.1.3.enterprise.czech-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
d:\Swsetup\new windows 7 activator [2010] [blaze69]\new windows 7 activator [2010]\7loader release 5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\Swsetup\new windows 7 activator [2010] [blaze69]\new windows 7 activator [2010]\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Windows\temp\1665090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\2947006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

Re: Hello, please check my log

Posted: 04 Nov 2011 15:20
by otee
RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kubwais [Admin rights]
Mode: HOSTSFix -- Date : 11/04/2011 15:19:47

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
127.0.0.1 fr-fr.facebook.com
127.0.0.1 fy-nl.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
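The HOSTS entries RogueKiller reset above (every facebook.com locale subdomain pinned to 127.0.0.1) are the sinkholing pattern; the same file can also carry the opposite hijack, a real name pointed at a server the attacker controls. The following is an added example, not part of the original thread or of RogueKiller, that audits a HOSTS file for both. The sample input is constructed from the log lines above plus one placeholder redirect line (the address 1.2.3.4 and the LEGIT_LOCAL baseline are assumptions).

```python
"""Audit a Windows HOSTS file for hijacked entries (added example, not part of
the original thread). Two patterns matter: a name other than localhost pinned
to a loopback/unspecified address (sinkholing, which is what RogueKiller found
above for the facebook.com locale subdomains) and a name pointed at a routable
address (redirection to a host the attacker controls)."""
import ipaddress

# Names that legitimately map to loopback on Windows (assumption: adjust to your baseline).
LEGIT_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Constructed sample: the entries from the RogueKiller output above plus one
# redirect line with a placeholder address.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
127.0.0.1 fr-fr.facebook.com
127.0.0.1 fy-nl.facebook.com
1.2.3.4 www.example.com   # constructed: redirect to a routable placeholder address
"""

def parse_hosts(text):
    """Yield (address, hostname); comments and malformed lines are skipped,
    which is also how the resolver treats them."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (kind, hostname, address) findings:
    'sinkholed'  - non-local name pinned to 127/8, ::1 or 0.0.0.0
    'overridden' - name pointed at a private/link-local address (usually admin intent)
    'redirected' - name pointed at a routable address"""
    findings = []
    for addr, name in parse_hosts(text):
        if name in LEGIT_LOCAL:
            continue
        if addr.is_loopback or addr.is_unspecified:
            kind = "sinkholed"
        elif addr.is_private or addr.is_link_local:
            kind = "overridden"
        else:
            kind = "redirected"
        findings.append((kind, name, str(addr)))
    return findings

def by_parent_domain(findings, kind="sinkholed"):
    """Collapse findings to counts per parent domain, so hundreds of locale
    subdomains read as one line, e.g. {'facebook.com': 19}."""
    counts = {}
    for k, name, _ in findings:
        if k == kind:
            parent = ".".join(name.split(".")[-2:])
            counts[parent] = counts.get(parent, 0) + 1
    return counts

if __name__ == "__main__":
    import sys  # pass C:\Windows\System32\drivers\etc\hosts to audit the live file
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for kind, name, addr in audit_hosts(text):
        print(f"{kind:10} {addr:15} {name}")
    print(by_parent_domain(audit_hosts(text)))
```

A long list of sinkholed names is not malicious by itself: hosts-based ad blockers produce exactly that shape. What is telling in this case is the target (a social network's login domains), so read the per-domain summary rather than the raw count, and treat any 'redirected' entry as a finding until explained.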

Re: Hello, please check my log

Posted: 04 Nov 2011 15:21
by otee
RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kubwais [Admin rights]
Mode: ProxyFix -- Date : 11/04/2011 15:20:52

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Re: Hello, please check my log

Posted: 04 Nov 2011 17:07
by cernohous13
Run a new ComboFix for me - I'll prepare a script for the final cleanup.

Re: Hello, please check my log

Posted: 04 Nov 2011 19:30
by otee
ComboFix 11-11-04.03 - Kubwais 04.11.2011 19:14:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.1931 [GMT 1:00]
Run from: c:\users\Kubwais\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:20 . 2011-11-04 18:20 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-11-04 18:20 . 2011-11-04 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 14:50 . 2011-11-04 15:03 -------- d-----w- c:\programdata\AVAST Software
2011-11-04 14:50 . 2011-11-04 14:50 -------- d-----w- c:\program files\AVAST Software
2011-11-04 12:59 . 2011-11-04 12:59 -------- d-----w- c:\users\Kubwais\AppData\Roaming\Malwarebytes
2011-11-04 12:58 . 2011-11-04 12:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 12:58 . 2011-11-04 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 12:58 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 23:53 . 2011-11-02 23:53 8704 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2011-11-02 23:45 . 2011-11-04 14:13 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-11-02 23:45 . 2011-11-04 14:13 -------- d--h--w- c:\windows\update.tray-7-0
2011-11-02 23:42 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-02 23:23 . 2011-11-02 23:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-02 22:20 . 2011-11-02 22:20 -------- d-----w- c:\users\Kubwais\AppData\Roaming\URSoft
2011-11-02 22:20 . 2011-11-02 23:22 -------- d-----w- c:\program files (x86)\Your Uninstaller 2010
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- c:\program files\trend micro
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- C:\rsit
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\users\Kubwais\AppData\Roaming\SUPERAntiSpyware.com
2011-10-30 11:13 . 2011-10-30 11:13 -------- d-----w- C:\ATI
2011-10-30 11:06 . 2011-11-04 14:13 -------- d-----w- c:\windows\ufa
2011-10-30 11:05 . 2011-11-03 00:45 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 11:01 . 2011-11-04 14:13 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-10-30 11:01 . 2011-11-04 14:13 -------- d--h--w- c:\windows\update.tray-2-0
2011-10-28 14:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F79807-52E9-49BD-B55E-57AA4FBAD39A}\mpengine.dll
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\programdata\Sony Corporation
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\program files (x86)\Sony
2011-10-24 21:06 . 2011-10-26 18:19 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 21:06 . 2011-10-26 18:19 88 --sh--r- c:\programdata\615E8FABC3.sys
2011-10-24 21:01 . 2011-10-24 21:01 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Corel
2011-10-24 02:25 . 2011-10-24 02:25 -------- d-----w- c:\windows\system32\Macromed
2011-10-23 21:09 . 2011-10-23 21:15 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-19 17:44 . 2011-11-02 23:24 -------- d-----w- c:\users\Kubwais\AppData\Local\Facebook
2011-10-13 19:10 . 2011-10-13 19:21 -------- d-----w- c:\users\Kubwais\AppData\Local\Seznam.cz
2011-10-13 19:08 . 2011-10-13 19:09 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Local\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Roaming\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\programdata\Babylon
2011-10-13 18:27 . 2011-10-13 19:51 -------- d-----w- c:\program files\Expresso
2011-10-12 11:32 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 11:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 11:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 11:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 11:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 11:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 23:09 . 2011-05-13 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-05-26 15:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-24 19:19 . 2011-08-24 19:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 19:18 . 2011-08-24 19:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-24 19:17 . 2011-08-24 19:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_00.29.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-03 00:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-04 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-03 00:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-03 00:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-12 09:01 . 2011-11-04 15:12 43320 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 15:12 42754 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-11 23:04 . 2011-11-04 15:12 12416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-179869348-808994521-3457015576-1000_UserData.bin
- 2009-07-14 05:30 . 2011-11-02 23:49 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-04 15:12 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-03-11 10:57 . 2011-11-02 23:22 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-11 10:57 . 2011-11-04 18:02 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 18:03 . 2011-11-04 18:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:54 . 2011-11-04 18:03 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 18:03 . 2011-11-04 18:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-08-15 10:04 . 2011-08-20 22:17 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-08-15 10:04 . 2011-11-04 18:02 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-02 23:23 . 2011-11-03 01:03 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
- 2011-11-02 23:23 . 2011-11-02 23:23 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
- 2011-11-02 23:23 . 2011-11-02 23:23 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-02 23:23 . 2011-11-03 01:03 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
- 2011-11-02 23:23 . 2011-11-02 23:23 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-02 23:23 . 2011-11-03 01:03 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
- 2011-11-02 23:23 . 2011-11-02 23:23 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-02 23:23 . 2011-11-03 01:03 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-11-02 23:23 . 2011-11-03 01:03 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\ARPPRODUCTICON.exe
- 2011-11-02 23:23 . 2011-11-02 23:23 88102 c:\windows\Installer\{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}\ARPPRODUCTICON.exe
- 2011-11-03 00:29 . 2011-11-03 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 18:21 . 2011-11-04 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 18:21 . 2011-11-04 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-03 00:29 . 2011-11-03 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-13 18:22 . 2011-11-03 00:29 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-13 18:22 . 2011-11-04 18:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-11 21:32 . 2011-11-04 12:24 519180 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:30 . 2011-11-04 15:12 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-02 23:49 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-04 15:12 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-02 23:49 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2011-11-03 00:29 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-02 23:22 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-11 10:57 . 2011-11-04 18:05 262144 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 05:01 . 2011-11-04 18:20 479488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-03 00:28 479488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-27 11:35 . 2011-11-04 18:20 6041312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-8192.dat
- 2011-03-27 11:35 . 2011-11-02 22:43 6041312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-8192.dat
- 2011-03-27 11:35 . 2011-11-03 00:28 4764674 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-12288.dat
+ 2011-03-27 11:35 . 2011-11-04 15:09 4764674 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-12288.dat
+ 2011-11-02 23:44 . 2011-11-04 18:20 3286204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-08-25 20:55 . 2011-08-25 20:55 6771712 c:\windows\Installer\1ee90a.msi
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\toolbar\toolbar.dll" [2011-09-27 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-23 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-03 2430]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-29 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adapter Driver for Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"combofix"="c:\combofix\CF29146.3XE" [2010-11-20 345088]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\Kubwais\AppData\Local\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 194.228.41.65
FF - ProfilePath - c:\users\Kubwais\AppData\Roaming\Mozilla\Firefox\Profiles\pyy768of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aacc2ea500000000000000238b80fb94&tlver=1.4.35.10&affID=100815
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-11-04 19:28:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 18:28
ComboFix2.txt 2011-11-03 00:35
.
Pre-Run: bytes free: 25 611 280 384
Post-Run: bytes free: 25 636 495 360
.
- - End Of File - - 646909B42D4DBAEF6D5B9DF8B6573435

Re: Hello, please check my log

Posted: 04 Nov 2011 19:59
by cernohous13
:arrow: If ComboFix is not on your desktop, move it there.
:arrow: Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt, then drag its icon onto the ComboFix icon and drop it there.
ComboFix will start - wait for the log and post it here.
CFscript

KillAll::

Folder::
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\windows\ufa
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0

File::
c:\windows\unrar.exe
c:\programdata\615E8FABC3.sys
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"Adobe ARM"=-
"DivXUpdate"=-
"QuickTime Task"=-
"Malwarebytes' Anti-Malware"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

Driver::
ehdrv
eamonm
epfwwfpr

Re: Hello, please check my log

Posted: 04 Nov 2011 20:55
by otee
ComboFix 11-11-04.04 - Kubwais 04.11.2011 20:29:14.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.1703 [GMT 1:00]
Spuštěný z: c:\users\Kubwais\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kubwais\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\615E8FABC3.sys"
"c:\windows\system32\DRIVERS\eamonm.sys"
"c:\windows\system32\DRIVERS\ehdrv.sys"
"c:\windows\system32\DRIVERS\epfwwfpr.sys"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\615E8FABC3.sys
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAMONM
-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_eamonm
-------\Service_ehdrv
-------\Service_epfwwfpr
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 19:33 . 2011-11-04 19:33 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-11-04 19:33 . 2011-11-04 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 14:50 . 2011-11-04 15:03 -------- d-----w- c:\programdata\AVAST Software
2011-11-04 14:50 . 2011-11-04 14:50 -------- d-----w- c:\program files\AVAST Software
2011-11-04 12:59 . 2011-11-04 12:59 -------- d-----w- c:\users\Kubwais\AppData\Roaming\Malwarebytes
2011-11-04 12:58 . 2011-11-04 12:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 12:58 . 2011-11-04 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 12:58 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 23:53 . 2011-11-02 23:53 8704 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2011-11-02 23:42 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-02 23:23 . 2011-11-02 23:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-02 22:20 . 2011-11-02 22:20 -------- d-----w- c:\users\Kubwais\AppData\Roaming\URSoft
2011-11-02 22:20 . 2011-11-02 23:22 -------- d-----w- c:\program files (x86)\Your Uninstaller 2010
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- c:\program files\trend micro
2011-10-30 15:58 . 2011-10-30 15:58 -------- d-----w- C:\rsit
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-30 14:36 . 2011-10-30 14:36 -------- d-----w- c:\users\Kubwais\AppData\Roaming\SUPERAntiSpyware.com
2011-10-30 11:13 . 2011-10-30 11:13 -------- d-----w- C:\ATI
2011-10-28 14:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F79807-52E9-49BD-B55E-57AA4FBAD39A}\mpengine.dll
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\programdata\Sony Corporation
2011-10-26 19:11 . 2011-10-26 19:11 -------- d-----w- c:\program files (x86)\Sony
2011-10-24 21:06 . 2011-10-26 18:19 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-24 21:01 . 2011-10-24 21:01 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-10-24 20:59 . 2011-10-24 20:59 -------- d-----w- c:\program files (x86)\Corel
2011-10-24 02:25 . 2011-10-24 02:25 -------- d-----w- c:\windows\system32\Macromed
2011-10-23 21:09 . 2011-10-23 21:15 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-10-19 17:44 . 2011-11-02 23:24 -------- d-----w- c:\users\Kubwais\AppData\Local\Facebook
2011-10-13 19:10 . 2011-10-13 19:21 -------- d-----w- c:\users\Kubwais\AppData\Local\Seznam.cz
2011-10-13 19:08 . 2011-10-13 19:09 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Local\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\users\Kubwais\AppData\Roaming\Babylon
2011-10-13 18:27 . 2011-10-13 18:27 -------- d-----w- c:\programdata\Babylon
2011-10-13 18:27 . 2011-10-13 19:51 -------- d-----w- c:\program files\Expresso
2011-10-12 11:32 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 11:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 11:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 11:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 11:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 11:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 23:09 . 2011-05-13 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-05-26 15:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-24 19:19 . 2011-08-24 19:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 19:18 . 2011-08-24 19:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-24 19:17 . 2011-08-24 19:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_18.22.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-04 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-04 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-04 19:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-04 18:24 42786 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-11 23:04 . 2011-11-04 18:24 12452 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-179869348-808994521-3457015576-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-11-04 18:24 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-11-04 15:12 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-11-04 18:21 . 2011-11-04 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 19:35 . 2011-11-04 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 19:35 . 2011-11-04 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-04 18:21 . 2011-11-04 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 18:22 . 2011-11-04 19:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-13 18:22 . 2011-11-04 18:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:30 . 2011-11-04 15:12 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-04 18:24 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-04 18:24 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-04 15:12 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-11-04 18:20 479488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 19:34 479488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-27 11:35 . 2011-11-04 18:20 6041312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-8192.dat
+ 2011-03-27 11:35 . 2011-11-04 19:34 6041312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-179869348-808994521-3457015576-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files (x86)\Seznam.cz\toolbar\toolbar.dll" [2011-09-27 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-23 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-03 2430]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-29 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"combofix"="c:\combofix\CF10828.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\users\Kubwais\AppData\Local\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 194.228.41.65
FF - ProfilePath - c:\users\Kubwais\AppData\Roaming\Mozilla\Firefox\Profiles\pyy768of.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aacc2ea500000000000000238b80fb94&tlver=1.4.35.10&affID=100815
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-11-04 20:40:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-04 19:40
ComboFix2.txt 2011-11-04 18:28
ComboFix3.txt 2011-11-03 00:35
.
Před spuštěním: Volných bajtů: 25 720 700 928
Po spuštění: Volných bajtů: 25 414 959 104
.
- - End Of File - - 74C16307F00531C99D5A2BE9FD869EDB

Re: Hello, please check my log

Posted: 04 Nov 2011 21:16
by cernohous13
:arrow: It looks like you're clean
and if you're no longer finding anything odd, I'll clean up after myself :wink:

:arrow: We'll uninstall ComboFix
go to Start -> Run... and paste ComboFix /Uninstall (note the space after the x) -> OK

:arrow:
Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools you used.
After launching it, ignore any antivirus warning - it's fine
After it has done its job, delete T-cleaner
:arrow: Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(it cleans the Temp folders; it does not clean URLs, history, prefetch or cookies)

:arrow: download the OTC program here: http://oldtimer.geekstogo.com/OTC.exe - run it -> "CleanUp" (deletes the cleaning tools used earlier)

:arrow: Turn off System Restore -> restart -> turn System Restore back on http://www.viry.cz/forum/viewtopic.php?t=47040

:arrow: I can recommend a check and clean-up with CCleaner
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"

close the web browser and
run "Cleaner" > "Run CCleaner" - removes unneeded files
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional cleaning in the future as well.

:arrow: After cleaning, a defragmentation would be useful
I recommend http://www.slunecnice.cz/sw/defraggler/ + the Czech language pack

If anything in the guide doesn't work, continue with the next step.

:arrow: Avast may have been damaged by the virus. In that case use http://files.avast.com/files/eng/aswclear.exe and reinstall it.

Once you've done all the steps, write back and tell me how the PC is running :wink:

Re: Hello, please check my log

Posted: 04 Nov 2011 21:26
by otee
:thumbsup: On my side, nothing but admiration; nevertheless I'll do the following and write back. I just have one question: I was dealing with a problem with mpc_miner_cuda.exe, and one of your colleagues told me after the cleanup that it is a legitimate miner file. There were more of them there, and today we removed them. I'm just wondering whether it needs to be dealt with if I spot it somewhere.

Re: Hello, please check my log

Posted: 04 Nov 2011 21:59
by cernohous13
Don't worry, this "rpcminer" belonged to the FB virus, and MBAM and ComboFix have it on their blacklist :)

Re: Hello, please check my log

Posted: 05 Nov 2011 22:05
by otee
Great work, thank you for the cooperation, everything works :thumbsup: :thumbsup: :thumbsup:

Re: Hello, please check my log

Posted: 05 Nov 2011 22:07
by cernohous13
You're welcome - glad to help, and we'll be here next time too :fez: