
Skype again

Posted: 11 Oct 2012 18:16
by Unown
Hello,
I'm at some friends' place and what do you know -> the Skype virus again :(
so far I've run it through Eset Online Scanner and Spybot

Eset Online found and deleted:
  • C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.jar Java/Applications virus smazán - uložen do karantény
    C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll Win32/RiskWare.HackAV.IL aplikace vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\2AF7.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\2C25.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\3902.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\3B6A.exe varianta infiltrace Win32/Injector.XPB trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\3D62.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\4204.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\4C1C.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\530E.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\6801.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\8AE0.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\A256.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\A933.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\AA90.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\B0C8.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\B8D3.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\C1BA.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\C314.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\CCA1.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\D377.exe Win32/Agent.NKZ červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\E87A.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\E9A6.exe varianta infiltrace Win32/Injector.XOE trojský kůň vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\Eqcccg.exe Win32/Dorkbot.B červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\AppData\Roaming\F9A9.exe Win32/Rodpicom.A červ vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\Downloads\Setup.exe varianta infiltrace Win32/InstallCore.AT aplikace vyléčen smazáním - uložen do karantény
    C:\Users\Eliška\Downloads\aln31001\lf-31001.exe Win32/RiskWare.HackAV.IL aplikace vyléčen smazáním - uložen do karantény

now I'm posting the HJT log:
  • Logfile of random's system information tool 1.09 (written by random/random)
    Run by Eliška at 2012-10-11 19:22:13
    Microsoft Windows 7 Ultimate Service Pack 1
    System drive C: has 267 GB (75%) free of 357 GB
    Total RAM: 4042 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:22:14, on 11.10.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Eliška\Desktop\RSIT.exe
    C:\Users\Eliška\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Eliška.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Eqcccg] C:\Users\Eliška\AppData\Roaming\Eqcccg.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\ZÁBAVA\PROGRAMY\Photoshop Element 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8182 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2695806887-277649225-3199552647-1000Core.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2695806887-277649225-3199552647-1000UA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695806887-277649225-3199552647-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695806887-277649225-3199552647-1000UA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\r37gu9kx.default

    prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 11.4.402.287 Plugin
    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
    "Description"=
    "Path"=C:\Windows\SysWOW64\npDeployJava1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
    "Description"=
    "Path"=disabled

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
    "Description"=Office Authorization plug-in for NPAPI browsers
    "Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
    "Description"=Microsoft SharePoint Plug-in for Firefox
    "Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}

    C:\Program Files (x86)\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll

    C:\Program Files (x86)\Mozilla Firefox\searchplugins\
    google.xml
    heureka-cz.xml
    jyxo-cz.xml
    seznam-cz.xml
    slunecnice-cz.xml
    wikipedia-cz.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]
    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
    "AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
    "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "Eqcccg"=C:\Users\Eliška\AppData\Roaming\Eqcccg.exe []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvyu"=msyuv.dll
    "vidc.iyuv"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "vidc.yvu9"=tsbyuv.dll
    "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
    "vidc.cvid"=iccvid.dll
    "wave1"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "aux1"=wdmaud.drv
    "vidc.VP60"=C:\Windows\system32\vp6vfw.dll
    "vidc.VP61"=C:\Windows\system32\vp6vfw.dll
    "msacm.divxa32"=msaud32_divx.acm
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
    "vidc.mjpg"=pvmjpg30.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2012-10-11 19:16:46 ----D---- C:\Program Files (x86)\trend micro
    2012-10-11 19:16:45 ----D---- C:\rsit
    2012-10-11 18:42:43 ----SHD---- C:\Config.Msi
    2012-10-10 19:42:49 ----A---- C:\Users\Eliška\AppData\Roaming\312E.exe
    2012-10-10 18:52:15 ----A---- C:\Users\Eliška\AppData\Roaming\6F28.exe
    2012-10-10 14:20:44 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 14:20:44 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 14:20:38 ----A---- C:\Windows\SysWOW64\setup16.exe
    2012-10-10 14:20:38 ----A---- C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 14:20:38 ----A---- C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 14:20:37 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 14:20:37 ----A---- C:\Windows\SysWOW64\wow32.dll
    2012-10-10 14:20:37 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 14:20:37 ----A---- C:\Windows\SysWOW64\instnm.exe
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 14:20:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 14:20:36 ----A---- C:\Windows\SysWOW64\user.exe
    2012-10-10 14:20:02 ----A---- C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 14:19:57 ----A---- C:\Windows\SysWOW64\tzres.dll
    2012-10-10 14:19:52 ----A---- C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 14:19:48 ----A---- C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 14:19:47 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 14:19:47 ----A---- C:\Windows\SysWOW64\cryptnet.dll
    2012-10-10 07:17:41 ----A---- C:\Users\Eliška\AppData\Roaming\4C0E.exe
    2012-10-09 18:30:53 ----A---- C:\Users\Eliška\AppData\Roaming\782C.exe
    2012-10-07 19:09:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2012-10-07 19:09:00 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-10-06 22:30:25 ----A---- C:\Users\Eliška\AppData\Roaming\6333.exe
    2012-10-06 22:08:31 ----A---- C:\Users\Eliška\AppData\Roaming\58F5.exe
    2012-10-06 21:37:56 ----A---- C:\Users\Eliška\AppData\Roaming\570F.exe
    2012-10-06 21:13:21 ----A---- C:\Users\Eliška\AppData\Roaming\D58F.exe
    2012-10-06 20:49:21 ----A---- C:\Users\Eliška\AppData\Roaming\DE06.exe
    2012-10-06 19:00:45 ----A---- C:\Users\Eliška\AppData\Roaming\6FC3.exe
    2012-09-22 16:31:14 ----A---- C:\Windows\SysWOW64\vbscript.dll
    2012-09-22 16:31:14 ----A---- C:\Windows\SysWOW64\mshtmled.dll
    2012-09-22 16:31:13 ----A---- C:\Windows\SysWOW64\url.dll
    2012-09-22 16:31:13 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-22 16:31:13 ----A---- C:\Windows\SysWOW64\ieui.dll
    2012-09-22 16:31:12 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2012-09-22 16:31:11 ----A---- C:\Windows\SysWOW64\wininet.dll
    2012-09-22 16:31:11 ----A---- C:\Windows\SysWOW64\msfeeds.dll
    2012-09-22 16:31:10 ----A---- C:\Windows\SysWOW64\jscript9.dll
    2012-09-22 16:31:10 ----A---- C:\Windows\SysWOW64\jscript.dll
    2012-09-22 16:31:09 ----A---- C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 16:31:08 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2012-09-22 16:31:07 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2012-09-22 16:31:03 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2012-09-12 15:44:31 ----A---- C:\Windows\SysWOW64\d3d10level9.dll

    ======List of files/folders modified in the last 1 month======

    2012-10-11 19:22:13 ----D---- C:\Windows\Temp
    2012-10-11 19:16:46 ----RD---- C:\Program Files (x86)
    2012-10-11 18:45:09 ----D---- C:\Program Files (x86)\ESET
    2012-10-11 18:43:18 ----SHD---- C:\Windows\Installer
    2012-10-11 18:43:18 ----D---- C:\ProgramData\Skype
    2012-10-11 18:43:17 ----D---- C:\Program Files (x86)\Common Files
    2012-10-11 18:43:09 ----D---- C:\Users\Eliška\AppData\Roaming\Skype
    2012-10-11 18:42:58 ----SHD---- C:\System Volume Information
    2012-10-11 18:42:50 ----D---- C:\Windows\System32
    2012-10-10 18:05:35 ----D---- C:\Windows\winsxs
    2012-10-10 18:04:17 ----D---- C:\Windows\SysWOW64\cs-CZ
    2012-10-10 18:04:17 ----D---- C:\Windows\SysWOW64
    2012-10-10 18:04:15 ----D---- C:\Windows\AppPatch
    2012-10-09 19:04:53 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-07 19:09:00 ----HD---- C:\ProgramData
    2012-10-07 18:18:33 ----D---- C:\Windows\Prefetch
    2012-10-05 08:05:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-04 19:21:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
    2012-10-03 13:18:17 ----D---- C:\Users\Eliška\AppData\Roaming\Mozilla
    2012-09-27 20:23:01 ----D---- C:\Windows\rescache
    2012-09-22 16:32:54 ----D---- C:\Windows\SysWOW64\migration
    2012-09-22 16:32:54 ----D---- C:\Program Files (x86)\Internet Explorer
    2012-09-15 20:05:08 ----D---- C:\Windows\inf

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys []
    R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys []
    R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys []
    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
    R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
    R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
    R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
    R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
    R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys []
    R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys []
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
    R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
    R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
    S2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys []
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9; C:\ZÁBAVA\PROGRAMY\Photoshop Element 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
    R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 114144]
    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

    -----------------EOF-----------------

Re: Skype again

Posted: 11 Oct 2012 18:43
by Rudy
Hello to you too!
There's still something left there. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Make yourself a coffee in the meantime (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause undesirable collisions with the resident antispyware.

Re: Skype again

Posted: 14 Oct 2012 18:37
by Unown
ComboFix 12-10-14.03 - Eliška 14.10.2012 19:16:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4042.3104 [GMT 2:00]
Spuštěný z: c:\users\Eliška\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eliška\AppData\Roaming\312E.exe
c:\users\Eliška\AppData\Roaming\4C0E.exe
c:\users\Eliška\AppData\Roaming\570F.exe
c:\users\Eliška\AppData\Roaming\58F5.exe
c:\users\Eliška\AppData\Roaming\6333.exe
c:\users\Eliška\AppData\Roaming\6F28.exe
c:\users\Eliška\AppData\Roaming\6FC3.exe
c:\users\Eliška\AppData\Roaming\782C.exe
c:\users\Eliška\AppData\Roaming\D58F.exe
c:\users\Eliška\AppData\Roaming\DE06.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-14 do 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 17:25 . 2012-10-14 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 17:25 . 2012-10-14 17:25 -------- d-----w- c:\users\Vanesinka\AppData\Local\temp
2012-10-14 14:12 . 2012-10-14 16:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E569D82-D926-463B-AA86-DA565A094E41}\offreg.dll
2012-10-12 12:11 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E569D82-D926-463B-AA86-DA565A094E41}\mpengine.dll
2012-10-11 17:16 . 2012-10-11 17:22 -------- d-----w- c:\program files (x86)\trend micro
2012-10-11 17:16 . 2012-10-11 17:16 -------- d-----w- C:\rsit
2012-10-11 16:42 . 2012-10-11 16:42 -------- d-----w- c:\windows\system32\appmgmt
2012-10-10 12:19 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 12:19 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 12:19 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 12:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 12:19 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:19 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:19 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:19 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 12:19 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:19 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-07 17:09 . 2012-10-07 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-07 17:09 . 2012-10-07 17:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-04 17:21 . 2012-10-04 17:21 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-26 17:12 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 13:30 . 2012-06-22 17:51 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 17:04 . 2012-06-22 17:36 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 17:04 . 2012-06-22 17:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 13:44 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:44 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:44 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 12:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 13:44 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 13:44 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 15:51 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 114144]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-11 37504]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-08 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\zábava\PROGRAMY\Photoshop Element 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 17:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\r37gu9kx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Eqcccg - c:\users\Eliška\AppData\Roaming\Eqcccg.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-14 19:36:03
ComboFix-quarantined-files.txt 2012-10-14 17:36
.
Před spuštěním: Volných bajtů: 279 597 436 928
Po spuštění: Volných bajtů: 281 140 367 360
.
- - End Of File - - 057229C4B2753BB761FE4345FBB266C0

Re: Skype again

Posted: 14 Oct 2012 18:46
by Rudy
Let's clean up some more. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it, again to the root directory C:\, as CFScript.txt. Then, in Windows Explorer (or another file manager), drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
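Rudy's reading of the two logs rests on a pattern the thread shows plainly: droppers with four-hex-digit names sitting directly in AppData\Roaming, and an HKCU Run entry (Eqcccg) loading an executable from the same place. The Python script below is an added example, not code from this thread or from ComboFix; it applies those two heuristics to ComboFix-style log lines, and the sample lines are constructed, modelled on the thread's log.

```python
import re

# Heuristics drawn from what the thread's logs show: droppers named with four
# hex digits sitting directly in AppData\Roaming, and an HKCU Run entry
# (Eqcccg) loading an executable from the same place. This is triage logic,
# not a verdict: confirm hits against the file itself (hash, signature, age).
ROAMING_EXE = re.compile(
    r'[a-z]:\\users\\[^\\\n]+\\appdata\\roaming\\([^\\\s"\]]+\.exe)\b',
    re.IGNORECASE,
)
HEX_NAME = re.compile(r"^[0-9A-F]{4}\.exe$", re.IGNORECASE)
# ComboFix prints Run-key entries as "Name"="path" [...] in the registry
# section and as <hive>-Run-<Name> - path in the removed-entries section.
RUN_ENTRY = re.compile(r'^"[^"]+"=|-Run-', re.IGNORECASE)

# Constructed sample lines in ComboFix's layout, modelled on the thread's log
# (the date/size on the "Eqcccg" Run line are made up for the example).
SAMPLE_LINES = [
    r"c:\users\Eliška\AppData\Roaming\312E.exe",
    r"c:\users\Eliška\AppData\Roaming\D58F.exe",
    r"c:\users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\r37gu9kx.default\prefs.js",
    r'"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]',
    r'"Eqcccg"="c:\users\Eliška\AppData\Roaming\Eqcccg.exe" [2012-10-11 57344]',
    r"Wow6432Node-HKCU-Run-Eqcccg - c:\users\Eliška\AppData\Roaming\Eqcccg.exe",
]


def scan_combofix_lines(lines):
    """Return (name, reason, line) triples for lines matching the heuristics."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        match = ROAMING_EXE.search(line)
        if not match:
            continue  # not an executable directly under AppData\Roaming
        name = match.group(1)
        if RUN_ENTRY.search(line):
            reason = f"autorun entry loads {name} from AppData\\Roaming"
        elif HEX_NAME.match(name):
            reason = f"{name}: four-hex-digit dropper name in AppData\\Roaming"
        else:
            reason = f"{name}: executable in the AppData\\Roaming root"
        findings.append((name, reason, line))
    return findings


def persistence_targets(findings):
    """Executables an autorun entry points at: these survive reboots, so a
    cleanup (CFScript or manual) has to remove both the file and the entry."""
    return sorted({name for name, reason, _ in findings if reason.startswith("autorun")})


if __name__ == "__main__":
    hits = scan_combofix_lines(SAMPLE_LINES)
    for _, reason, line in hits:
        print(f"{reason}\n    {line}")
    print("persistence:", persistence_targets(hits))
```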