Page 1 of 1

Possible virus infection, excessive data consumption

Posted: 29 Mar 2012 19:39
by sportak12
Hello,
I don't know which other section this belongs in, so I'll try here.

The problem is excessive data consumption through our IP address.
Our internet provider slowed down our D/U speed, supposedly because we exceeded the limit.
We live in a 3+1 apartment, with 4 MAC addresses actively connected. All of them together downloaded or uploaded around 40 GB of data. The provider, however, gave us access to our statement and current data consumption, and there it shows something over 200 GB.

I can't think of anything other than some form of virus, because when I checked the router it found no foreign address that had broken into our wifi, and the app Who Is On My WiFi didn't find anything either. Only our known addresses.

Would anyone have any advice or a guide on how I could, in theory, find out where such a data leak is happening? For example, right now nobody is downloading anything, only 2 computers are browsing the web, and 1 GB disappeared in about half an hour.

Thanks in advance for any help.

Re: Possible virus infection, excessive data consumption

Posted: 29 Mar 2012 20:03
by Rudy
Hello to you too!
Please post a ComboFix log.
Download ComboFix and save it, preferably on the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Relax and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are undesirable collisions with the resident antispyware.

Re: Possible virus infection, excessive data consumption

Posted: 29 Mar 2012 20:59
by sportak12
Thank you for the advice, but I think the problem won't be in my PC, since my traffic counter showed 10.2 GB; what I needed instead was some app that could watch the given addresses and observe the data flow. Anyway, below is the log from ComboFix.

ComboFix 12-03-29.02 - rekoj 666 29.03.2012 21:41:29.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3887.2054 [GMT 2:00]
Spuštěný z: c:\users\rekoj 666\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-03-29 19:39 . 2012-03-29 19:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45BC44C3-B13C-4A0C-A39C-A3D8338052F2}\offreg.dll
2012-03-29 16:46 . 2012-03-29 16:46 -------- d-----w- c:\program files (x86)\IO3O LLC
2012-03-27 16:00 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45BC44C3-B13C-4A0C-A39C-A3D8338052F2}\mpengine.dll
2012-03-24 16:03 . 2012-03-24 16:03 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:03 . 2012-03-24 16:03 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 10:06 . 2012-03-17 10:06 -------- d-----w- c:\program files (x86)\SopCast
2012-03-15 16:45 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 16:45 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 16:45 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 21:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 21:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 21:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 21:33 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 21:33 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 21:33 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 21:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 21:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 21:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 21:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 11:55 . 2012-03-12 11:55 -------- d-----w- c:\program files (x86)\Common Files\Lingea Shared
2012-03-12 11:55 . 2012-03-12 11:55 -------- d-----w- c:\program files (x86)\Lingea
2012-03-07 18:18 . 2012-03-07 18:18 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-09-16 06:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 21:57 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 21:57 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
"Facebook Update"="c:\users\rekoj 666\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\rekoj 666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2012-3-12 275736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoRun MyWifi.lnk - c:\windows\Installer\{770AF65C-9677-46A2-8FDE-AECF7CCFF331}\_D7CD87D8729436F512A5A2.exe [2012-3-29 9662]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job
- c:\users\rekoj 666\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 16:59]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job
- c:\users\rekoj 666\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 16:59]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job
- c:\users\rekoj 666\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 20:48]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job
- c:\users\rekoj 666\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 20:48]
.
2012-03-25 c:\windows\Tasks\HPCeeScheduleForrekoj 666.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-03-08 c:\windows\Tasks\HPCeeScheduleForREKOJ666-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Stáhnout Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlall.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rekoj 666\AppData\Roaming\Mozilla\Firefox\Profiles\10gnojg4.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-03-29 21:56:34
ComboFix-quarantined-files.txt 2012-03-29 19:56
.
Před spuštěním: Volných bajtů: 126 549 340 160
Po spuštění: Volných bajtů: 126 312 448 000
.
- - End Of File - - F4BA1D0A6B5E784BF8B9231E228A665F

Re: Possible virus infection, excessive data consumption

Posted: 29 Mar 2012 21:55
by Rudy
We'll clean up some more. Move ComboFix to the desktop. Open Notepad and copy into it:
KillAll::

Folder::
c:\users\rekoj 666\AppData\Local\Facebook\Update

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
Save it on the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Possible virus infection, excessive data consumption

Posted: 30 Mar 2012 18:09
by sportak12
I'm sorry, but the exe file disappeared on me somewhere. I dragged the txt onto the ComboFix icon, but it was only the installer and the whole of ComboFix ran again. I'm not sure whether it shouldn't have taken only a minute. Or I'm just confused by it. In any case, my feeling that someone has broken into our wifi is stronger now, because today the provider's tech support told me that from our IP address, at half past 5 in the morning, something was downloading at 4 Mbit/s for an extended period, while all the PCs were switched off. Do you know of any application for monitoring data transfer? Thanks for the help.
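As an added illustration (not from the original thread, and not any particular monitoring product), the kind of per-device accounting the poster is asking for: given per-client byte counters exported by the router (a constructed sample here), sum traffic per MAC address, flag addresses that are not on the household's known list, flag large transfers in the hours when the PCs are supposed to be off, and reconcile the local sum with the provider's total. The record format, the MAC addresses and the quiet-hours window are assumptions.

```python
"""Per-device traffic accounting for a small LAN (added example).

Assumes the router exports one record per client per interval as
'<ISO timestamp> <MAC> <bytes>'. Real routers export NetFlow/sFlow or
per-client counters in their own format; only parse_records() needs
to change to use those.
"""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample records (not real data): timestamp, MAC, bytes moved.
SAMPLE_RECORDS = """\
2012-03-30T05:25:00 aa:bb:cc:00:00:01 1200000
2012-03-30T05:30:00 aa:bb:cc:00:00:99 600000000
2012-03-30T05:40:00 aa:bb:cc:00:00:99 600000000
2012-03-30T18:00:00 aa:bb:cc:00:00:02 300000000
2012-03-30T18:10:00 aa:bb:cc:00:00:03 50000000
"""

# MAC addresses the household knows about (constructed placeholders).
KNOWN_MACS = {
    "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02",
    "aa:bb:cc:00:00:03", "aa:bb:cc:00:00:04",
}

# Window in which the household says every machine is switched off.
QUIET_START, QUIET_END = time(1, 0), time(7, 0)


def parse_records(text):
    """Parse 'timestamp mac bytes' lines into (datetime, mac, int) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, mac, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), mac.lower(), int(nbytes)))
    return records


def bytes_per_mac(records):
    """Total bytes attributed to each MAC address."""
    totals = defaultdict(int)
    for _, mac, nbytes in records:
        totals[mac] += nbytes
    return dict(totals)


def unknown_devices(totals, known=KNOWN_MACS):
    """Devices that moved traffic but are not on the known list."""
    return {mac: b for mac, b in totals.items() if mac not in known}


def quiet_hour_transfers(records, start=QUIET_START, end=QUIET_END,
                         min_bytes=10_000_000):
    """Records inside the quiet window that moved at least min_bytes."""
    return [(ts, mac, nbytes) for ts, mac, nbytes in records
            if start <= ts.time() < end and nbytes >= min_bytes]


def unattributed_bytes(isp_total_bytes, totals):
    """Bytes the provider counted that no local device accounts for."""
    return isp_total_bytes - sum(totals.values())


def report(text=SAMPLE_RECORDS, isp_total_bytes=2_000_000_000):
    """Run every check and return the findings as one dictionary."""
    records = parse_records(text)
    totals = bytes_per_mac(records)
    return {
        "totals": totals,
        "unknown": unknown_devices(totals),
        "quiet_hours": quiet_hour_transfers(records),
        "unattributed": unattributed_bytes(isp_total_bytes, totals),
    }


if __name__ == "__main__":
    findings = report()
    for mac, nbytes in sorted(findings["totals"].items()):
        tag = " (UNKNOWN DEVICE)" if mac in findings["unknown"] else ""
        print(f"{mac}: {nbytes / 1e6:.1f} MB{tag}")
    for ts, mac, nbytes in findings["quiet_hours"]:
        print(f"quiet-hours transfer: {ts} {mac} {nbytes / 1e6:.1f} MB")
    print(f"not attributed to any local device: "
          f"{findings['unattributed'] / 1e6:.1f} MB")
```

A large unattributed remainder, or an unknown MAC active while every known machine is off, points at the network rather than at one PC's malware, which is the distinction the thread is trying to draw.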

Re: Possible virus infection, excessive data consumption

Posted: 30 Mar 2012 18:45
by Rudy
If you drag the script onto the CF icon and drop it, the normal routine runs just as with the first scan, except that CF will delete or repair what is in the script. At the end you receive a new log.

Re: Possible virus infection, excessive data consumption

Posted: 30 Mar 2012 18:46
by sportak12
Here is the log, then:

ComboFix 12-03-29.02 - rekoj 666 30.03.2012 18:46:00.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3887.2066 [GMT 2:00]
Spuštěný z: c:\users\rekoj 666\Desktop\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\rekoj 666\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\rekoj 666\AppData\Local\Facebook\Update
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\rekoj 666\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_1aa22367-96c0-4f93-a00c-1dfc4bfac276\HP.ActiveCheckLocalMode.Ccl.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_1aa22367-96c0-4f93-a00c-1dfc4bfac276\HP.ActiveCheckLocalMode.SharedObjects.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_1aa22367-96c0-4f93-a00c-1dfc4bfac276\HP.ActiveCheckLocalMode.UpdateEngine.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-03-29 16:46 . 2012-03-29 16:46 -------- d-----w- c:\program files (x86)\IO3O LLC
2012-03-24 16:03 . 2012-03-24 16:03 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 16:03 . 2012-03-24 16:03 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 10:06 . 2012-03-17 10:06 -------- d-----w- c:\program files (x86)\SopCast
2012-03-15 16:45 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 16:45 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 16:45 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 21:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 21:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 21:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 21:33 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 21:33 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 21:33 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 21:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 21:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 21:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 21:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 11:55 . 2012-03-12 11:55 -------- d-----w- c:\program files (x86)\Common Files\Lingea Shared
2012-03-12 11:55 . 2012-03-12 11:55 -------- d-----w- c:\program files (x86)\Lingea
2012-03-07 18:18 . 2012-03-07 18:18 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-09-16 06:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 21:57 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 21:57 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.52.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-29 16:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-30 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-29 16:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-29 16:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-26 17:22 . 2012-03-30 16:59 59702 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-30 16:59 51884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-15 17:15 . 2012-03-30 16:59 18338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3449663549-1643857791-2925034261-1002_UserData.bin
- 2010-09-15 17:49 . 2012-03-28 21:00 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-09-15 17:49 . 2012-03-30 16:56 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-03-29 16:21 . 2012-03-29 16:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-30 16:57 . 2012-03-30 16:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-29 16:21 . 2012-03-29 16:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-30 16:57 . 2012-03-30 16:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-29 16:28 619704 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 16:37 619704 c:\windows\system32\perfh009.dat
- 2010-05-26 18:03 . 2012-03-29 16:28 636572 c:\windows\system32\perfh005.dat
+ 2010-05-26 18:03 . 2012-03-30 16:37 636572 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-30 16:37 108024 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-29 16:28 108024 c:\windows\system32\perfc009.dat
+ 2010-05-26 18:03 . 2012-03-30 16:37 124082 c:\windows\system32\perfc005.dat
- 2010-05-26 18:03 . 2012-03-29 16:28 124082 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-03-30 16:56 425920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 21:00 425920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-26 18:14 . 2012-03-28 21:00 6672848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-05-26 18:14 . 2012-03-30 16:56 6672848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-10 21:44 . 2012-03-30 16:56 27541131 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3449663549-1643857791-2925034261-1002-12288.dat
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\rekoj 666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2012-3-12 275736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoRun MyWifi.lnk - c:\windows\Installer\{770AF65C-9677-46A2-8FDE-AECF7CCFF331}\_D7CD87D8729436F512A5A2.exe [2012-3-29 9662]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002Core.job
- c:\users\rekoj 666\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 20:48]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449663549-1643857791-2925034261-1002UA.job
- c:\users\rekoj 666\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 20:48]
.
2012-03-25 c:\windows\Tasks\HPCeeScheduleForrekoj 666.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-03-08 c:\windows\Tasks\HPCeeScheduleForREKOJ666-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rekoj 666\AppData\Roaming\Mozilla\Firefox\Profiles\10gnojg4.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Other running processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-03-30 19:04:16 - the computer was restarted
ComboFix-quarantined-files.txt 2012-03-30 17:04
ComboFix2.txt 2012-03-29 19:56
.
Before run: free bytes: 127 592 185 856
After run: free bytes: 127 159 951 360
.
- - End Of File - - B74D370ED0BD05D7A49C4B356F0E1B62
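The ComboFix log above prints startup points in a fixed shape: a bracketed registry key followed by `"Name"="path" [date size]` lines, Startup-folder entries as `Name.lnk - path [date size]`, and the UAC policy block as `"Name"= value (0xN)`. The script below is an added example, not part of this thread or of ComboFix, that parses those three shapes and flags two things a responder would check first: UAC values that differ from the Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1) and autoruns that live outside Program Files or the Windows directory. The sample log is constructed to mirror the formats, not copied from the post; the "outside standard roots" heuristic is only a triage aid, not a verdict.

```python
"""Parse ComboFix 'registry startup points' / UAC policy lines and triage them.

Added example (not from the forum thread or from ComboFix). SAMPLE_LOG below is
constructed to mirror the line shapes in a ComboFix log; it is not real data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="path" [2011-01-29 888120]   or   "Name"="path" [BU]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
# Something.lnk - path [2012-3-12 275736]   (Startup-folder shortcut)
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$', re.IGNORECASE)
# "EnableLUA"= 0 (0x0)
POLICY_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s+\(0x[0-9a-fA-F]+\)$')

# Windows 7 defaults for the UAC values ComboFix prints from policies\system.
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# Autoruns outside these roots deserve a second look (heuristic, not a verdict).
STANDARD_ROOTS = ("c:\\program files", "c:\\windows")


@dataclass
class StartupEntry:
    key: str            # registry key or Startup-folder path the entry was found under
    name: str
    path: str
    size: Optional[int]  # None when ComboFix printed no size (e.g. "[BU]")


def _size_from_meta(meta: str) -> Optional[int]:
    tokens = meta.split()
    return int(tokens[1]) if len(tokens) == 2 and tokens[1].isdigit() else None


def parse_startup_points(lines) -> Tuple[List[StartupEntry], Dict[str, int]]:
    """Return (autorun entries, UAC policy values) from ComboFix log lines."""
    entries: List[StartupEntry] = []
    policies: Dict[str, int] = {}
    current_key: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if line.lower().startswith("c:\\") and line.endswith("\\"):
            current_key = line  # a Startup folder path header
            continue
        if current_key is None:
            continue
        m = RUN_ENTRY.match(line) or LNK_ENTRY.match(line)
        if m:
            entries.append(StartupEntry(current_key, m.group("name"), m.group("path"),
                                        _size_from_meta(m.group("meta"))))
            continue
        if current_key.lower().endswith("policies\\system"):
            m = POLICY_ENTRY.match(line)
            if m:
                policies[m.group("name")] = int(m.group("value"))
    return entries, policies


def weak_uac_settings(policies: Dict[str, int]) -> List[str]:
    """UAC values present in the log that differ from the Windows 7 defaults."""
    return [f"{name}={policies[name]} (default {expected})"
            for name, expected in UAC_EXPECTED.items()
            if name in policies and policies[name] != expected]


def entries_outside_standard_roots(entries: List[StartupEntry]) -> List[StartupEntry]:
    return [e for e in entries if not e.path.lower().startswith(STANDARD_ROOTS)]


# Constructed sample in the ComboFix shape (not the log from the thread).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HelperApp"="c:\program files (x86)\Vendor\Helper\helper.exe" [2011-01-29 888120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"oddtool"="c:\tools\oddtool.exe" [2012-03-29 9662]
.
c:\users\someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Updater.lnk - c:\program files (x86)\Common Files\Vendor\upd.exe [2012-3-12 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

if __name__ == "__main__":
    found, pol = parse_startup_points(SAMPLE_LOG.splitlines())
    for e in found:
        print(f"{e.name:<14} {e.path}  ({e.key})")
    print("weak UAC:", weak_uac_settings(pol))
    print("outside standard roots:", [e.path for e in entries_outside_standard_roots(found)])
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG.splitlines()` with the file's lines; the parser ignores the other sections because it only acts on lines under a recognised key or Startup-folder header.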

Re: Possible virus infection, excessive data consumption

Posted: 30 Mar 2012 19:01
by Rudy
Deleted. Has anything changed?