firefox - proxy server

Posted: 11 Mar 2012 20:02
by tominator
Hello!
My girlfriend has been having some problems with her computer lately; most recently Firefox popped up a message saying that it cannot connect to the internet because of the proxy server. I turned off proxy access in the Firefox settings and it works again, but I would say I removed the symptom and not the cause. Since I think there is more on that machine, or rather, since Avira keeps finding viruses in ...appdata/roaming..., I would like to turn to you with a request for help.

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by lenka at 2012-03-11 19:18:30
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 24 GB (8%) free of 305 GB
Total RAM: 3066 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\lenka\AppData\Roaming\Mozilla\Firefox\Profiles\agpqbu1s.default

prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1, {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, toolbar@ask.com:3.12.1.100005, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\lenka\AppData\Roaming\Mozilla\Firefox\Profiles\agpqbu1s.default\extensions\
toolbar@ask.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-02 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-10 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-02 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-06-02 3563520]
""= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"CF3.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\D12E\CF3.exe []
"06B.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\667E\06B.exe []
"8DC.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\E5AE\8DC.exe []
"38C.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\F59E\38C.exe []
"BFB.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\05BE\BFB.exe []
"6B1.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\A5AE\6B1.exe []
"76B.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\E5CE\76B.exe []
"810.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\260E\810.exe []
"BD3.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\75BE\BD3.exe []
"CCC.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\85CE\CCC.exe []
"7C7.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\85CE\7C7.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-18 39408]
"1D3.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\55BE\1D3.exe []
"729.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\E5DE\729.exe []
"208.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\B65E\208.exe []
"509.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\55DE\509.exe []
"091.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\55DE\091.exe []
"734.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\95DE\734.exe []
"08D.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\C5BE\08D.exe []
"4A6.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\15BE\4A6.exe []
"5CA.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\05DE\5CA.exe []
"3C2.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\E5DE\3C2.exe []
"FAB.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\759E\FAB.exe []
"6A4.exe"=C:\Users\lenka\AppData\Roaming\Microsoft\858E\6A4.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-11 19:18:30 ----D---- C:\rsit
2012-03-11 19:18:30 ----D---- C:\Program Files\trend micro
2012-02-26 14:55:13 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-25 18:46:37 ----D---- C:\ProgramData\WinZip
2012-02-25 18:46:34 ----D---- C:\Program Files\WinZip
2012-02-14 21:46:50 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-14 21:46:47 ----A---- C:\Windows\system32\win32k.sys
2012-02-14 21:46:17 ----A---- C:\Windows\system32\XpsPrint.dll
2012-02-14 21:45:54 ----A---- C:\Windows\system32\wininet.dll
2012-02-14 21:45:54 ----A---- C:\Windows\system32\urlmon.dll
2012-02-14 21:45:54 ----A---- C:\Windows\system32\iertutil.dll
2012-02-14 21:45:52 ----A---- C:\Windows\system32\url.dll
2012-02-14 21:45:51 ----A---- C:\Windows\system32\mshtml.dll
2012-02-14 21:45:51 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-14 21:45:50 ----A---- C:\Windows\system32\ieframe.dll
2012-02-14 21:45:48 ----A---- C:\Windows\system32\msfeeds.dll
2012-02-14 21:45:47 ----A---- C:\Windows\system32\mstime.dll
2012-02-14 21:45:46 ----A---- C:\Windows\system32\iedkcs32.dll
2012-02-14 21:45:45 ----A---- C:\Windows\system32\occache.dll
2012-02-14 21:45:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-02-14 21:45:45 ----A---- C:\Windows\system32\ieui.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\licmgr10.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\iesysprep.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\iesetup.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\iernonce.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\iepeers.dll
2012-02-14 21:45:44 ----A---- C:\Windows\system32\ie4uinit.exe
2012-02-14 21:45:43 ----A---- C:\Windows\system32\msfeedssync.exe
2012-02-14 10:23:42 ----D---- C:\Program Files\Windows Portable Devices
2012-02-14 08:53:48 ----A---- C:\Windows\system32\UIRibbonRes.dll
2012-02-14 08:53:48 ----A---- C:\Windows\system32\UIAnimation.dll
2012-02-14 08:53:47 ----A---- C:\Windows\system32\UIRibbon.dll
2012-02-14 08:52:29 ----A---- C:\Windows\system32\WMPhoto.dll
2012-02-14 08:52:27 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2012-02-14 08:52:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2012-02-14 08:52:27 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2012-02-14 08:52:27 ----A---- C:\Windows\system32\dxdiagn.dll
2012-02-14 08:52:27 ----A---- C:\Windows\system32\dxdiag.exe
2012-02-14 08:52:25 ----A---- C:\Windows\system32\d3d11.dll
2012-02-14 08:51:25 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2012-02-14 08:51:25 ----A---- C:\Windows\system32\wpdbusenum.dll
2012-02-14 08:51:25 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2012-02-14 08:51:22 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2012-02-14 08:51:21 ----A---- C:\Windows\system32\WpdMtpUS.dll
2012-02-14 08:51:21 ----A---- C:\Windows\system32\WpdConns.dll
2012-02-14 08:51:21 ----A---- C:\Windows\system32\drivers\WpdUsb.sys
2012-02-14 08:51:20 ----A---- C:\Windows\system32\WPDSp.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\wpdshext.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\WpdMtp.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\wpd_ci.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2012-02-14 08:51:20 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2012-02-14 07:42:40 ----A---- C:\Windows\system32\winmm.dll
2012-02-14 07:42:40 ----A---- C:\Windows\system32\mciseq.dll
2012-02-14 07:42:38 ----A---- C:\Windows\system32\psisdecd.dll
2012-02-14 07:42:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-02-14 07:42:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-02-14 07:42:33 ----A---- C:\Windows\system32\ntdll.dll
2012-02-14 07:42:26 ----A---- C:\Windows\system32\XpsRasterService.dll
2012-02-14 07:42:26 ----A---- C:\Windows\system32\MFH264Dec.dll
2012-02-14 07:42:26 ----A---- C:\Windows\system32\dxgi.dll
2012-02-14 07:42:25 ----A---- C:\Windows\system32\MFHEAACdec.dll
2012-02-14 07:42:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2012-02-14 07:42:24 ----A---- C:\Windows\system32\mfreadwrite.dll
2012-02-14 07:42:24 ----A---- C:\Windows\system32\mfmp4src.dll
2012-02-14 07:42:23 ----A---- C:\Windows\system32\mf.dll
2012-02-14 07:42:23 ----A---- C:\Windows\system32\cdd.dll
2012-02-14 07:42:22 ----A---- C:\Windows\system32\stobject.dll
2012-02-14 07:42:22 ----A---- C:\Windows\system32\shdocvw.dll
2012-02-14 07:42:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2012-02-14 07:42:22 ----A---- C:\Windows\system32\mfplat.dll
2012-02-14 07:42:20 ----A---- C:\Windows\system32\mfps.dll
2012-02-14 07:42:19 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2012-02-14 07:42:06 ----A---- C:\Windows\system32\EncDec.dll
2012-02-14 07:41:48 ----A---- C:\Windows\system32\vbscript.dll
2012-02-14 07:41:44 ----A---- C:\Windows\system32\d3d10warp.dll
2012-02-14 07:41:44 ----A---- C:\Windows\system32\d3d10_1.dll
2012-02-14 07:41:44 ----A---- C:\Windows\system32\d2d1.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\FntCache.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\DWrite.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\d3d10level9.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\d3d10core.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-02-14 07:41:43 ----A---- C:\Windows\system32\d3d10.dll
2012-02-14 07:41:42 ----A---- C:\Windows\system32\xpsservices.dll
2012-02-14 07:41:42 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2012-02-14 07:41:42 ----A---- C:\Windows\system32\OpcServices.dll
2012-02-14 07:41:28 ----A---- C:\Windows\system32\packager.dll
2012-02-14 07:41:27 ----A---- C:\Windows\system32\winsrv.dll
2012-02-14 07:41:08 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-02-14 07:41:00 ----A---- C:\Windows\system32\jscript.dll
2012-02-14 07:40:41 ----A---- C:\Windows\system32\csrsrv.dll
2012-02-14 07:40:39 ----A---- C:\Windows\system32\quartz.dll
2012-02-14 07:40:39 ----A---- C:\Windows\system32\qdvd.dll
2012-02-14 07:40:36 ----A---- C:\Windows\system32\winhttp.dll
2012-02-14 07:40:36 ----A---- C:\Windows\system32\schannel.dll
2012-02-14 07:40:36 ----A---- C:\Windows\system32\secur32.dll
2012-02-14 07:40:36 ----A---- C:\Windows\system32\lsasrv.dll
2012-02-14 07:40:36 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-02-14 07:40:35 ----A---- C:\Windows\system32\lsass.exe
2012-02-14 07:40:31 ----A---- C:\Windows\system32\tzres.dll
2012-02-14 07:40:21 ----A---- C:\Windows\system32\UIAutomationCore.dll
2012-02-14 07:40:21 ----A---- C:\Windows\system32\oleaccrc.dll
2012-02-14 07:40:21 ----A---- C:\Windows\system32\oleacc.dll
2012-02-14 07:40:20 ----A---- C:\Windows\system32\oleaut32.dll
2012-02-14 07:40:12 ----A---- C:\Windows\system32\xmllite.dll
2012-02-14 07:31:44 ----A---- C:\Windows\system32\msshsq.dll
2012-02-14 07:09:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-02-14 07:09:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-02-14 00:08:51 ----D---- C:\Users\lenka\AppData\Roaming\Avira
2012-02-14 00:07:54 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2012-02-14 00:07:52 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-02-14 00:07:52 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-02-14 00:07:52 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-02-14 00:07:48 ----D---- C:\ProgramData\Avira
2012-02-14 00:07:48 ----D---- C:\Program Files\Avira
2012-02-13 23:46:35 ----D---- C:\Windows\system32\eu-ES
2012-02-13 23:46:35 ----D---- C:\Windows\system32\ca-ES
2012-02-13 23:46:33 ----D---- C:\Windows\system32\vi-VN
2012-02-13 23:19:10 ----D---- C:\Windows\system32\EventProviders
2012-02-13 23:05:12 ----A---- C:\Windows\system32\mshtmler.dll
2012-02-13 23:05:12 ----A---- C:\Windows\system32\icardie.dll
2012-02-13 23:05:12 ----A---- C:\Windows\system32\admparse.dll
2012-02-13 23:05:11 ----A---- C:\Windows\system32\msls31.dll
2012-02-13 23:05:11 ----A---- C:\Windows\system32\imgutil.dll
2012-02-13 23:05:11 ----A---- C:\Windows\system32\ieakeng.dll
2012-02-13 23:05:11 ----A---- C:\Windows\system32\dxtmsft.dll
2012-02-13 23:05:11 ----A---- C:\Windows\system32\corpol.dll
2012-02-13 23:05:10 ----A---- C:\Windows\system32\inseng.dll
2012-02-13 23:05:10 ----A---- C:\Windows\system32\ieaksie.dll
2012-02-13 23:05:10 ----A---- C:\Windows\system32\dxtrans.dll
2012-02-13 23:05:09 ----A---- C:\Windows\system32\WinFXDocObj.exe
2012-02-13 23:05:09 ----A---- C:\Windows\system32\wextract.exe
2012-02-13 23:05:09 ----A---- C:\Windows\system32\webcheck.dll
2012-02-13 23:05:09 ----A---- C:\Windows\system32\msrating.dll
2012-02-13 23:05:09 ----A---- C:\Windows\system32\ieakui.dll
2012-02-13 23:05:08 ----A---- C:\Windows\system32\pngfilt.dll
2012-02-13 23:05:08 ----A---- C:\Windows\system32\ieapfltr.dll
2012-02-13 23:05:08 ----A---- C:\Windows\system32\advpack.dll
2012-02-13 23:05:07 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-02-13 23:05:07 ----A---- C:\Windows\system32\mshta.exe
2012-02-13 23:05:07 ----A---- C:\Windows\system32\iexpress.exe
2012-02-13 23:05:07 ----A---- C:\Windows\system32\ieapfltr.dat
2012-02-13 23:05:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-02-13 23:05:06 ----A---- C:\Windows\system32\SetDepNx.exe
2012-02-13 23:05:06 ----A---- C:\Windows\system32\PDMSetup.exe

======List of files/folders modified in the last 1 month======

2012-03-11 19:18:30 ----RD---- C:\Program Files
2012-03-11 19:18:27 ----D---- C:\Windows\Temp
2012-03-11 19:04:02 ----D---- C:\Users\lenka\AppData\Roaming\Skype
2012-03-11 18:49:34 ----D---- C:\Users\lenka\AppData\Roaming\ECB72
2012-03-11 17:58:53 ----D---- C:\Windows\System32
2012-03-11 17:58:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-11 17:50:32 ----SHD---- C:\System Volume Information
2012-03-11 17:36:13 ----D---- C:\Windows\Prefetch
2012-03-11 17:23:44 ----D---- C:\Users\lenka\AppData\Roaming\72D93
2012-03-08 17:15:36 ----D---- C:\Windows\system32\catroot2
2012-03-07 18:26:24 ----SD---- C:\Users\lenka\AppData\Roaming\Microsoft
2012-03-04 12:53:05 ----SHD---- C:\Windows\Installer
2012-03-04 12:53:05 ----SHD---- C:\Config.Msi
2012-02-27 21:21:49 ----D---- C:\Windows\system32\Tasks
2012-02-26 15:38:49 ----RD---- C:\Users
2012-02-26 15:28:40 ----SHD---- C:\Boot
2012-02-26 15:28:40 ----D---- C:\Windows\system32\config
2012-02-26 15:25:22 ----AD---- C:\Windows
2012-02-26 15:04:44 ----D---- C:\Windows\Tasks
2012-02-26 14:55:37 ----D---- C:\ProgramData\TuneUp Software
2012-02-26 14:55:36 ----D---- C:\Users\lenka\AppData\Roaming\TuneUp Software
2012-02-26 14:55:13 ----HD---- C:\ProgramData
2012-02-26 13:14:13 ----D---- C:\Program Files\72D93
2012-02-26 10:15:51 ----A---- C:\Users\lenka\AppData\Roaming\svc2dll.exe.vir
2012-02-25 18:58:34 ----RSD---- C:\Windows\Fonts
2012-02-23 20:41:29 ----D---- C:\Program Files\Mozilla Firefox
2012-02-15 15:10:03 ----D---- C:\Program Files\LP
2012-02-15 10:05:15 ----D---- C:\Windows\Microsoft.NET
2012-02-15 10:04:48 ----RSD---- C:\Windows\assembly
2012-02-15 09:49:09 ----D---- C:\Users\lenka\AppData\Roaming\GHISLER
2012-02-15 09:44:21 ----D---- C:\Windows\winsxs
2012-02-15 09:24:08 ----D---- C:\Windows\system32\catroot
2012-02-15 09:18:35 ----D---- C:\Windows\system32\migration
2012-02-15 09:18:35 ----D---- C:\Program Files\Windows Mail
2012-02-15 09:18:35 ----D---- C:\Program Files\Internet Explorer
2012-02-15 03:22:16 ----D---- C:\Windows\system32\drivers
2012-02-15 03:22:16 ----A---- C:\Windows\system32\MRT.INI
2012-02-15 03:13:56 ----A---- C:\Windows\system32\mrt.exe
2012-02-15 03:11:32 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-14 10:44:08 ----D---- C:\Windows\rescache
2012-02-14 10:23:44 ----D---- C:\Windows\system32\cs-CZ
2012-02-14 10:23:43 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-02-14 10:23:42 ----D---- C:\Windows\system32\wbem
2012-02-14 10:23:37 ----D---- C:\Windows\system32\zh-TW
2012-02-14 10:23:37 ----D---- C:\Windows\system32\uk-UA
2012-02-14 10:23:37 ----D---- C:\Windows\system32\tr-TR
2012-02-14 10:23:37 ----D---- C:\Windows\system32\sr-Latn-CS
2012-02-14 10:23:37 ----D---- C:\Windows\system32\sl-SI
2012-02-14 10:23:37 ----D---- C:\Windows\system32\sk-SK
2012-02-14 10:23:37 ----D---- C:\Windows\system32\ro-RO
2012-02-14 10:23:37 ----D---- C:\Windows\system32\pt-PT
2012-02-14 10:23:37 ----D---- C:\Windows\system32\pt-BR
2012-02-14 10:23:37 ----D---- C:\Windows\system32\nl-NL
2012-02-14 10:23:37 ----D---- C:\Windows\system32\nb-NO
2012-02-14 10:23:37 ----D---- C:\Windows\system32\lv-LV
2012-02-14 10:23:37 ----D---- C:\Windows\system32\lt-LT
2012-02-14 10:23:37 ----D---- C:\Windows\system32\ja-JP
2012-02-14 10:23:37 ----D---- C:\Windows\system32\it-IT
2012-02-14 10:23:37 ----D---- C:\Windows\system32\hr-HR
2012-02-14 10:23:37 ----D---- C:\Windows\system32\fr-FR
2012-02-14 10:23:37 ----D---- C:\Windows\system32\fi-FI
2012-02-14 10:23:37 ----D---- C:\Windows\system32\en-US
2012-02-14 10:23:37 ----D---- C:\Windows\system32\el-GR
2012-02-14 10:23:37 ----D---- C:\Windows\system32\de-DE
2012-02-14 10:23:36 ----D---- C:\Windows\system32\th-TH
2012-02-14 10:23:36 ----D---- C:\Windows\system32\sv-SE
2012-02-14 10:23:36 ----D---- C:\Windows\system32\pl-PL
2012-02-14 10:23:36 ----D---- C:\Windows\system32\ko-KR
2012-02-14 10:23:36 ----D---- C:\Windows\system32\hu-HU
2012-02-14 10:23:36 ----D---- C:\Windows\system32\he-IL
2012-02-14 10:23:36 ----D---- C:\Windows\system32\et-EE
2012-02-14 10:23:36 ----D---- C:\Windows\system32\da-DK
2012-02-14 10:23:36 ----D---- C:\Windows\system32\bg-BG
2012-02-14 10:23:36 ----D---- C:\Windows\system32\ar-SA
2012-02-14 10:23:35 ----D---- C:\Windows\system32\zh-HK
2012-02-14 10:23:35 ----D---- C:\Windows\system32\zh-CN
2012-02-14 10:23:35 ----D---- C:\Windows\system32\ru-RU
2012-02-14 10:23:35 ----D---- C:\Windows\system32\es-ES
2012-02-14 10:23:25 ----D---- C:\Windows\ehome
2012-02-14 10:23:19 ----D---- C:\Program Files\Common Files\System
2012-02-14 10:23:13 ----D---- C:\Windows\inf
2012-02-14 10:02:59 ----D---- C:\Windows\system32\drivers\UMDF
2012-02-14 07:58:12 ----D---- C:\Windows\system32\drivers\etc
2012-02-14 00:14:12 ----D---- C:\ProgramData\Easybits GO
2012-02-13 23:50:31 ----D---- C:\Program Files\Windows Calendar
2012-02-13 23:50:30 ----D---- C:\Program Files\Movie Maker
2012-02-13 23:50:29 ----D---- C:\Program Files\Windows Sidebar
2012-02-13 23:50:28 ----D---- C:\Program Files\Windows Photo Gallery
2012-02-13 23:50:28 ----D---- C:\Program Files\Windows Media Player
2012-02-13 23:50:28 ----D---- C:\Program Files\Windows Journal
2012-02-13 23:50:28 ----D---- C:\Program Files\Windows Collaboration
2012-02-13 23:50:23 ----D---- C:\Windows\servicing
2012-02-13 23:50:23 ----D---- C:\Program Files\Windows Defender
2012-02-13 23:50:05 ----D---- C:\Windows\IME
2012-02-13 23:50:04 ----D---- C:\Windows\system32\XPSViewer
2012-02-13 23:50:03 ----D---- C:\Windows\system32\oobe
2012-02-13 23:50:01 ----D---- C:\Windows\system32\AdvancedInstallers
2012-02-13 23:50:00 ----D---- C:\Windows\system32\setup
2012-02-13 23:50:00 ----D---- C:\Windows\system32\cs
2012-02-13 23:49:53 ----D---- C:\Windows\system32\SLUI
2012-02-13 23:49:51 ----D---- C:\Windows\system32\manifeststore
2012-02-13 23:49:45 ----D---- C:\Windows\system32\migwiz
2012-02-13 23:48:46 ----D---- C:\Windows\AppPatch
2012-02-13 23:46:33 ----D---- C:\Windows\system32\Boot
2012-02-13 23:36:28 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2012-02-13 23:20:51 ----D---- C:\ProgramData\avg8
2012-02-13 23:08:48 ----D---- C:\Windows\PolicyDefinitions
2012-02-13 23:08:10 ----D---- C:\Program Files\Microsoft Office
2012-02-13 23:04:37 ----D---- C:\ProgramData\Microsoft Help
2012-02-13 23:03:13 ----D---- C:\Program Files\Common Files\microsoft shared
2012-02-13 07:10:08 ----A---- C:\Users\lenka\AppData\Roaming\java.exe.vir

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-10 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-03-02 137416]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-05-06 379904]
S3 .rassstp;.rassstp; \* []
S3 al6lrn3p;al6lrn3p; C:\Windows\system32\drivers\al6lrn3p.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-06-02 18424]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-02-28 73728]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-03 692224]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\nlssrv32.exe [2011-05-17 66560]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [2008-05-06 221239]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-06-02 24064]
S2 Adobe Direct CVS Service;Adobe Direct CVS Service; C:\Windows\system32\svc2dll.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca2039616d9299;Služba Google Update (gupdate1ca2039616d9299); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-06 194104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-12 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


Thanks in advance for the help!
tom

Re: firefox - proxy server

Posted: 11 Mar 2012 20:43
by Rudy
Hello to you too!
There is definitely something there. Please post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Calmly make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: firefox - proxy server

Posted: 12 Mar 2012 00:17
by tominator
ComboFix log:


ComboFix 12-03-11.01 - lenka 11.03.2012 23:56:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2241 [GMT 1:00]
Spuštěný z: c:\users\lenka\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\15EE\209E.tmp
c:\program files\LP\15EE\73CB.tmp
c:\program files\LP\15EE\818F.tmp.vir
c:\program files\LP\251E\AA52.tmp
c:\program files\LP\858E\A4D.exe.vir
c:\users\lenka\AppData\Local\svc2dll.exe.vir
c:\users\lenka\AppData\Roaming\firefox.exe.vir
c:\users\lenka\AppData\Roaming\java.exe.vir
c:\users\lenka\AppData\Roaming\Photoshop.exe.vir
c:\users\lenka\AppData\Roaming\svc2dll.exe.vir
c:\users\lenka\AppData\Roaming\WINWORD.EXE.vir
c:\users\lenka\AppData\Roaming\wmplayer.exe.vir
c:\users\lenka\uidsave.dat
c:\windows\logboot_26.02.2012.tureg.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\svc2dll.dat
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Direct CVS Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-11 do 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 18:18 . 2012-03-11 18:18 -------- d-----w- C:\rsit
2012-03-11 18:18 . 2012-03-11 18:18 -------- d-----w- c:\program files\trend micro
2012-03-05 16:27 . 2012-03-05 16:27 141 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\C5BE\bl95628_64.bat
2012-02-26 18:38 . 2012-02-26 18:38 279552 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\667E\241.exe
2012-02-26 14:38 . 2012-02-26 14:39 -------- d-----w- c:\users\New Folder
2012-02-26 14:31 . 2012-02-26 14:31 282624 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\667E\438.exe
2012-02-26 13:55 . 2012-02-26 13:55 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-26 13:47 . 2012-02-26 13:48 282112 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\A6CE\4AC.exe
2012-02-26 09:14 . 2012-02-26 09:14 282112 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\16DE\B98.exe
2012-02-25 17:48 . 2012-02-25 17:48 -------- d-----w- c:\users\lenka\AppData\Local\WinZip
2012-02-25 17:46 . 2012-02-25 17:48 -------- d-----w- c:\programdata\WinZip
2012-02-14 20:46 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:46 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:46 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-14 20:46 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 09:23 . 2012-02-14 09:23 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-14 07:53 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-14 07:53 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-14 07:53 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-14 07:52 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-02-14 07:52 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-14 07:52 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-14 07:52 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-02-14 07:52 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-02-14 07:52 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-02-14 07:52 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-02-14 06:42 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-02-14 06:41 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-14 06:40 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2012-02-14 06:39 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-14 06:31 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-02-14 06:09 . 2012-02-14 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-14 06:09 . 2012-02-14 06:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-13 23:08 . 2012-02-13 23:08 -------- d-----w- c:\users\lenka\AppData\Roaming\Avira
2012-02-13 23:07 . 2012-03-02 20:20 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-13 23:07 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-13 23:07 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-13 23:07 . 2012-02-13 23:07 -------- d-----w- c:\programdata\Avira
2012-02-13 23:07 . 2012-02-13 23:07 -------- d-----w- c:\program files\Avira
2012-02-13 22:46 . 2012-02-13 22:50 -------- d-----w- c:\windows\system32\ca-ES
2012-02-13 22:46 . 2012-02-13 22:50 -------- d-----w- c:\windows\system32\eu-ES
2012-02-13 22:46 . 2012-02-13 22:49 -------- d-----w- c:\windows\system32\vi-VN
2012-02-13 22:19 . 2012-02-13 22:19 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 06:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-22 16:12 . 2012-01-22 16:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C65FE8D-508A-480C-AC79-21811B6A7C1A}\offreg.dll
2012-01-20 21:07 . 2012-01-20 21:07 119296 ----a-w- c:\windows\system32\svc2dll.exe.vir
2012-01-06 04:19 . 2012-01-20 21:16 6557240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C65FE8D-508A-480C-AC79-21811B6A7C1A}\mpengine.dll
2012-02-23 19:41 . 2011-06-21 19:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3294189275-477037899-281635177-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-02-28 73728]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-07 21:07]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 19:23]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 19:23]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52283
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\lenka\AppData\Roaming\Mozilla\Firefox\Profiles\agpqbu1s.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52283
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-CF3.exe - c:\users\lenka\AppData\Roaming\Microsoft\D12E\CF3.exe
HKCU-Run-06B.exe - c:\users\lenka\AppData\Roaming\Microsoft\667E\06B.exe
HKCU-Run-8DC.exe - c:\users\lenka\AppData\Roaming\Microsoft\E5AE\8DC.exe
HKCU-Run-38C.exe - c:\users\lenka\AppData\Roaming\Microsoft\F59E\38C.exe
HKCU-Run-BFB.exe - c:\users\lenka\AppData\Roaming\Microsoft\05BE\BFB.exe
HKCU-Run-6B1.exe - c:\users\lenka\AppData\Roaming\Microsoft\A5AE\6B1.exe
HKCU-Run-76B.exe - c:\users\lenka\AppData\Roaming\Microsoft\E5CE\76B.exe
HKCU-Run-810.exe - c:\users\lenka\AppData\Roaming\Microsoft\260E\810.exe
HKCU-Run-BD3.exe - c:\users\lenka\AppData\Roaming\Microsoft\75BE\BD3.exe
HKCU-Run-CCC.exe - c:\users\lenka\AppData\Roaming\Microsoft\85CE\CCC.exe
HKCU-Run-7C7.exe - c:\users\lenka\AppData\Roaming\Microsoft\85CE\7C7.exe
HKCU-Run-1D3.exe - c:\users\lenka\AppData\Roaming\Microsoft\55BE\1D3.exe
HKCU-Run-729.exe - c:\users\lenka\AppData\Roaming\Microsoft\E5DE\729.exe
HKCU-Run-208.exe - c:\users\lenka\AppData\Roaming\Microsoft\B65E\208.exe
HKCU-Run-509.exe - c:\users\lenka\AppData\Roaming\Microsoft\55DE\509.exe
HKCU-Run-091.exe - c:\users\lenka\AppData\Roaming\Microsoft\55DE\091.exe
HKCU-Run-734.exe - c:\users\lenka\AppData\Roaming\Microsoft\95DE\734.exe
HKCU-Run-08D.exe - c:\users\lenka\AppData\Roaming\Microsoft\C5BE\08D.exe
HKCU-Run-4A6.exe - c:\users\lenka\AppData\Roaming\Microsoft\15BE\4A6.exe
HKCU-Run-5CA.exe - c:\users\lenka\AppData\Roaming\Microsoft\05DE\5CA.exe
HKCU-Run-3C2.exe - c:\users\lenka\AppData\Roaming\Microsoft\E5DE\3C2.exe
HKCU-Run-FAB.exe - c:\users\lenka\AppData\Roaming\Microsoft\759E\FAB.exe
HKCU-Run-6A4.exe - c:\users\lenka\AppData\Roaming\Microsoft\858E\6A4.exe
AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.rassstp]
"ImagePath"="\*"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3812)
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nlssrv32.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-03-12 00:15:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-11 23:14
.
Před spuštěním: Volných bajtů: 24 495 357 952
Po spuštění: Volných bajtů: 23 297 855 488
.
- - End Of File - - 0E41ACB2378A56C26EC03A9E270FB795

Re: firefox - proxy server

Posted: 12 Mar 2012 18:20
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\Ask.com
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\Common\Google Updater
c:\program files\Google\Update

Collect::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

Firefox::
FF - ProfilePath - c:\users\lenka\AppData\Roaming\Mozilla\Firefox\Profiles\agpqbu1s.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52283
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: firefox - proxy server

Posted: 12 Mar 2012 21:51
by tominator
ComboFix log:


ComboFix 12-03-11.01 - lenka 12.03.2012 21:26:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2247 [GMT 1:00]
Spuštěný z: c:\users\lenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lenka\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\Tasks\Google Software Updater.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Google\Common\Google Updater
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.66\chrome_updater.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\Download\{DAF830A7-B5DC-437F-80AC-53C06237E635}\chrome_updater.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2614.234\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\Download\{F7398016-4E33-4DF9-985E-4173AAE211D5}\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate1ca2039616d9299
-------\Service_gupdatem
-------\Service_gupdate1ca2039616d9299
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-12 do 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 20:33 . 2012-03-12 20:37 -------- d-----w- c:\users\lenka\AppData\Local\temp
2012-03-11 18:18 . 2012-03-11 18:18 -------- d-----w- C:\rsit
2012-03-11 18:18 . 2012-03-11 18:18 -------- d-----w- c:\program files\trend micro
2012-03-05 16:27 . 2012-03-05 16:27 141 ----a-w- c:\users\lenka\AppData\Roaming\Microsoft\C5BE\bl95628_64.bat
2012-02-26 14:38 . 2012-03-11 23:15 -------- d-----w- c:\users\New Folder
2012-02-26 13:55 . 2012-02-26 13:55 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-25 17:48 . 2012-02-25 17:48 -------- d-----w- c:\users\lenka\AppData\Local\WinZip
2012-02-25 17:46 . 2012-02-25 17:48 -------- d-----w- c:\programdata\WinZip
2012-02-14 20:46 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:46 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:46 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-14 20:46 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 09:23 . 2012-02-14 09:23 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-14 07:53 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-14 07:53 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-14 07:53 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-14 07:52 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-02-14 07:52 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-14 07:52 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-14 07:52 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-02-14 07:52 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-02-14 07:52 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-02-14 07:52 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-02-14 06:42 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-02-14 06:41 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-14 06:40 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2012-02-14 06:39 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-14 06:31 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-02-14 06:09 . 2012-02-14 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-14 06:09 . 2012-02-14 06:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-13 23:08 . 2012-02-13 23:08 -------- d-----w- c:\users\lenka\AppData\Roaming\Avira
2012-02-13 23:07 . 2012-03-02 20:20 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-13 23:07 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-13 23:07 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-13 23:07 . 2012-02-13 23:07 -------- d-----w- c:\programdata\Avira
2012-02-13 23:07 . 2012-02-13 23:07 -------- d-----w- c:\program files\Avira
2012-02-13 22:46 . 2012-02-13 22:50 -------- d-----w- c:\windows\system32\ca-ES
2012-02-13 22:46 . 2012-02-13 22:50 -------- d-----w- c:\windows\system32\eu-ES
2012-02-13 22:46 . 2012-02-13 22:49 -------- d-----w- c:\windows\system32\vi-VN
2012-02-13 22:19 . 2012-02-13 22:19 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 06:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-22 16:12 . 2012-01-22 16:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C65FE8D-508A-480C-AC79-21811B6A7C1A}\offreg.dll
2012-01-20 21:07 . 2012-01-20 21:07 119296 ----a-w- c:\windows\system32\svc2dll.exe.vir
2012-01-06 04:19 . 2012-01-20 21:16 6557240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C65FE8D-508A-480C-AC79-21811B6A7C1A}\mpengine.dll
2012-02-23 19:41 . 2011-06-21 19:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3294189275-477037899-281635177-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-02-28 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52283
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\lenka\AppData\Roaming\Mozilla\Firefox\Profiles\agpqbu1s.default\
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.rassstp]
"ImagePath"="\*"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2264)
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nlssrv32.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-03-12 21:45:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-12 20:45
ComboFix2.txt 2012-03-11 23:15
.
Před spuštěním: Volných bajtů: 23 247 163 392
Po spuštění: Volných bajtů: 24 790 700 032
.
- - End Of File - - 9D4AF7EC1C530E9896D2B192833716D0
Nahrání proběhlo úspěšně

Re: firefox - proxy server

Posted: 12 Mar 2012 22:21
by Rudy
Deleted. Has anything changed?

Re: firefox - proxy server

Posted: 12 Mar 2012 22:42
by tominator
Before, when a direct address such as seznam.cz was typed into the browser, some completely different page loaded first (I don't know exactly which one) and only on the second attempt did it go to Seznam. That no longer happens (since yesterday). However, when I now set Firefox to connect through the proxy server again (using the settings that were there before I turned the proxy off), Firefox stops working again.
Avira still reports that it is finding some viruses.

So I don't know :)

Re: firefox - proxy server

Posted: 12 Mar 2012 23:00
by Rudy
Where is Avira finding those viruses?

Re: firefox - proxy server

Posted: 12 Mar 2012 23:21
by tominator
today 21:52
Begin scan in 'C:\Program Files\72D93\lvvm.exe.vir'
C:\Program Files\72D93\lvvm.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen5 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4af1cc7b.qua'.

today 19:00
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\16DE\B98.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\16DE\B98.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4abd92f9.qua'.
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\667E\241.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\667E\241.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5233bd51.qua'.
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\A6CE\4AC.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\A6CE\4AC.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0042e7ae.qua'.

today 18:39
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\15DE\514.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\15DE\514.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\165E\2EC.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\165E\2EC.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1069 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\165E\347.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\165E\347.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen5 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\165E\A9A.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\165E\A9A.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\166E\3FC.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\166E\3FC.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\167E\97B.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\167E\97B.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\251E\C1E.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\251E\C1E.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\365E\4DE.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\365E\4DE.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\365E\A87.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\365E\A87.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\451E\91D.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\451E\91D.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\565E\3E.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\565E\3E.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1188 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\565E\C39.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\565E\C39.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.961 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\661E\B76.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\661E\B76.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.110 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\667E\438.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\667E\438.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\703E\442.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\703E\442.exe.vir
[DETECTION] Is the TR/Kazy.53773.9 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\759E\3B1.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\759E\3B1.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\75BE\1FC0.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\75BE\1FC0.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1376 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\858E\A4D.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\858E\A4D.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\A51E\84F.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\A51E\84F.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\B67E\62D8.exe'
C:\Users\lenka\AppData\Roaming\Microsoft\B67E\62D8.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.B.28 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\B67E\B98.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\B67E\B98.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.204 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\C3EE\2EF.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\C3EE\2EF.exe.vir
[DETECTION] Is the TR/Kazy.53773.9 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\D66E\F0E.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\D66E\F0E.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\E58E\1035.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\E58E\1035.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1080 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\E58E\36C.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\E58E\36C.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\E7BE\6C9.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\E7BE\6C9.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\F06E\34E.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\F06E\34E.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.961 back-door program

Beginning disinfection:
C:\Users\lenka\AppData\Roaming\Microsoft\F06E\34E.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.961 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4a2d9b1d.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\E7BE\6C9.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
[NOTE] The file was moved to the quarantine directory under the name '528eb489.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\E58E\36C.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '00e7ee5c.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\E58E\1035.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1080 back-door program
[NOTE] The file was moved to the quarantine directory under the name '66e0a194.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\D66E\F0E.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
[NOTE] The file was moved to the quarantine directory under the name '23568cab.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\C3EE\2EF.exe.vir
[DETECTION] Is the TR/Kazy.53773.9 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c4abef1.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\B67E\B98.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.204 back-door program
[NOTE] The file was moved to the quarantine directory under the name '10c0928f.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\B67E\62D8.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.B.28 back-door program
[NOTE] The file was moved to the quarantine directory under the name '6cecd2d6.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\A51E\84F.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program
[NOTE] The file was moved to the quarantine directory under the name '41b0fd99.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\858E\A4D.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '58dec603.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\75BE\1FC0.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1376 back-door program
[NOTE] The file was moved to the quarantine directory under the name '3481ea0d.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\759E\3B1.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4516d394.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\703E\442.exe.vir
[DETECTION] Is the TR/Kazy.53773.9 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b13e361.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\667E\438.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e3c9a22.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\661E\B76.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.110 back-door program
[NOTE] The file was moved to the quarantine directory under the name '07359e85.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\565E\C39.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.961 back-door program
[NOTE] The file was moved to the quarantine directory under the name '5f7787e0.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program
[NOTE] The file was moved to the quarantine directory under the name '7380fe22.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\565E\3E.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1188 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4d669ec8.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\451E\91D.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
[NOTE] The file was moved to the quarantine directory under the name '2e46b587.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\365E\A87.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '08b9f595.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\365E\4DE.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3a1b8e0c.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
[NOTE] The file was moved to the quarantine directory under the name '306fa543.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\251E\C1E.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0f0dc104.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\167E\97B.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7122cd2c.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\166E\3FC.exe.vir
[DETECTION] Is the TR/Offend.KD.532572 Trojan
[NOTE] The file was moved to the quarantine directory under the name '245bc9d6.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\165E\A9A.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '29f3b8c9.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\165E\347.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen5 back-door program
[NOTE] The file was moved to the quarantine directory under the name '35a4acc5.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\165E\2EC.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.1069 back-door program
[NOTE] The file was moved to the quarantine directory under the name '0443e13a.qua'.
C:\Users\lenka\AppData\Roaming\Microsoft\15DE\514.exe.vir
[DETECTION] Is the TR/Kazy.53796.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6826f530.qua'.

today 17:21
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
Begin scan in 'C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir'
C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program

Beginning disinfection:
C:\Users\lenka\AppData\Roaming\Microsoft\565E\556.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.483 back-door program
[WARNING] The file was ignored!
C:\Users\lenka\AppData\Roaming\Microsoft\26AE\134.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.SD.3 back-door program
[WARNING] The file was ignored!

Re: firefox - proxy server

Posted: 13 Mar 2012 18:02
by Rudy
If the AV did not delete them, run a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: firefox - proxy server

Posted: 13 Mar 2012 20:30
by tominator
So far it looks like Avira hasn't found anything else. If something turns up, I'll let you know.
Thanks a lot for now!
tom

Re: firefox - proxy server

Posted: 13 Mar 2012 21:12
by Rudy
You're welcome!