VIRY.CZ

Dobrý den, mam v Desktopu (legální Vista SP2 32) šmejdy co mi zaměstnávají procesor. Emsisoft Emergency Kit vidí dva

1) Trace.File.Viking (A) (C:\WINDOWS\rundl123.exe)

2) Trace.File.BrowserAid.RunDLL16 (A) (C:\WINDOWS\rundll16.exe)


Po smazáni se automaticky obnovují. Prosím poradte co s tím.

ComboFix 13-02-26.01 - Timah 27.02.2013 2:46.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3563.2344 [GMT 1:00]
Spuštěný z: f:\zaloha\Internet\Pop up spy ware\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Antivirus *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-27 do 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 01:52 . 2013-02-27 01:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-26 23:15 . 2013-02-26 23:16 -------- d-----w- c:\program files\SpywareBlaster
2013-02-26 23:15 . 2010-01-10 18:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-02-26 23:07 . 2013-02-26 23:07 -------- d-----w- c:\program files\MRU-Blaster
2013-02-26 23:07 . 2012-05-25 12:03 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-02-26 22:49 . 2013-02-26 22:50 -------- d-----w- c:\program files\Pale Moon
2013-02-26 22:45 . 2013-02-26 22:45 -------- d-----w- c:\windows\Sun
2013-02-26 16:10 . 2013-02-26 16:10 -------- d-----w- c:\program files\TagScanner
2013-02-26 15:34 . 2013-02-26 15:34 -------- d-----w- c:\program files\MusicBrainz Picard
2013-02-23 18:28 . 2013-02-23 18:28 -------- d-----w- c:\program files\Winamp Detect
2013-02-23 18:28 . 2013-02-23 18:33 -------- d-----w- c:\program files\Winamp
2013-02-21 22:32 . 2013-02-21 22:32 -------- d-----w- c:\programdata\Sword
2013-02-21 22:31 . 2013-02-21 22:31 -------- d-----w- c:\program files\CrossWire
2013-02-21 10:35 . 2013-02-21 10:35 -------- d-----w- c:\users\UpdatusUser
2013-02-21 10:35 . 2013-02-21 10:35 -------- d-----w- c:\programdata\NVIDIA
2013-02-21 10:34 . 2013-02-10 00:35 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-21 10:34 . 2013-02-10 00:35 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-21 10:34 . 2013-02-10 00:35 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-21 10:34 . 2013-02-10 00:35 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-21 10:34 . 2013-02-10 00:35 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-21 10:33 . 2013-02-21 10:33 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-02-21 10:32 . 2013-02-10 03:20 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-21 10:32 . 2013-02-10 03:20 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-21 10:32 . 2013-02-10 03:20 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-21 10:32 . 2013-02-10 03:20 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-21 10:32 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-21 10:32 . 2013-02-10 03:20 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-21 10:32 . 2013-02-10 03:20 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-21 10:32 . 2013-02-10 03:20 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-02-21 10:32 . 2013-02-10 03:20 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-21 10:32 . 2013-02-10 03:20 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-21 10:32 . 2013-02-10 03:20 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-21 10:32 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-20 19:29 . 2013-02-20 19:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-15 14:56 . 2012-12-19 14:36 188328 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-02-15 14:50 . 2013-02-15 14:56 -------- dc----w- c:\windows\system32\DRVSTORE
2013-02-15 14:50 . 2012-12-19 14:35 94632 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-02-15 14:49 . 2013-02-15 14:49 -------- d-----w- c:\program files\Oracle
2013-02-15 00:04 . 2013-02-27 00:08 1154072 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-14 23:53 . 2013-02-14 23:53 -------- d-----w- C:\VTRoot
2013-02-12 23:58 . 2013-02-12 23:58 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-02-12 23:58 . 2013-02-12 23:58 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-02-12 23:30 . 2013-02-12 23:30 -------- d---a-w- c:\windows\VDLL.DLL
2013-02-12 23:30 . 2013-02-12 23:30 -------- d---a-w- c:\windows\system32\runouce.exe
2013-02-12 23:30 . 2013-02-12 23:30 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-02-12 23:30 . 2013-02-12 23:30 -------- d---a-w- c:\windows\logo_1.exe
2013-02-12 23:20 . 2013-02-12 23:20 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-02-12 23:20 . 2013-02-12 23:20 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-02-12 23:20 . 2013-02-12 23:20 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-02-12 23:20 . 2013-02-12 23:20 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-02-12 23:20 . 2013-02-12 23:20 -------- d-----w- c:\programdata\MicroWorld
2013-02-12 22:06 . 2013-02-26 09:42 -------- d-----w- c:\program files\CCleaner
2013-02-12 19:16 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 19:16 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 19:16 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-12 19:16 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 19:15 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-12 12:07 . 2013-02-12 14:51 -------- d-----w- c:\program files\cFosSpeed
2013-02-12 12:07 . 2013-01-29 13:27 993632 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2013-02-12 12:07 . 2013-02-12 12:07 -------- d-----w- c:\programdata\cFos
2013-02-09 00:25 . 2013-02-09 00:25 17488 ----a-w- c:\windows\etdrv.sys
2013-02-09 00:24 . 2013-02-09 00:24 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-02-09 00:18 . 2013-02-09 00:24 17488 ----a-w- c:\windows\gdrv.sys
2013-02-09 00:11 . 2013-02-09 00:11 -------- d-----w- c:\programdata\InstallShield
2013-02-09 00:11 . 2005-02-17 06:15 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2013-02-09 00:05 . 2011-11-02 09:48 19056 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
2013-02-09 00:05 . 2010-04-06 15:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
2013-02-08 23:20 . 2013-02-08 23:20 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-08 23:19 . 2013-02-09 00:11 -------- d-----w- c:\program files\GIGABYTE
2013-02-08 11:37 . 2013-02-08 11:37 -------- d-----w- c:\program files\StarFisher
2013-02-07 16:21 . 2013-02-07 16:21 -------- d-----w- c:\program files\Yamicsoft
2013-02-07 15:42 . 2013-02-07 15:42 -------- d-----w- c:\program files\Common Files\Power Registry Cleaner
2013-02-07 15:40 . 2013-02-07 15:40 -------- d-----w- c:\program files\VAS Software
2013-02-07 15:02 . 2013-02-07 15:04 -------- d-----w- c:\program files\PowerTools Lite 2013
2013-02-06 10:33 . 2013-02-06 10:33 21664 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2013-02-06 10:30 . 2013-02-06 10:30 -------- d-----w- c:\program files\HWiNFO32
2013-02-05 18:10 . 2013-02-05 18:10 -------- d-----w- c:\program files\SumatraPDF
2013-02-05 12:05 . 2013-02-05 12:05 -------- d-----w- c:\program files\SiSoftware
2013-02-05 11:53 . 2013-02-08 22:00 -------- d-----w- c:\program files\FastStone Capture
2013-02-05 03:26 . 2013-02-05 03:26 -------- d-----w- c:\program files\Glorylogic
2013-02-05 03:17 . 2013-02-05 03:17 -------- d-----w- c:\programdata\Canneverbe Limited
2013-02-05 03:17 . 2013-02-05 03:17 -------- d-----w- c:\program files\CDBurnerXP
2013-02-04 11:33 . 2013-02-26 12:07 -------- d-----w- c:\programdata\Soulseek
2013-02-04 11:33 . 2013-02-04 11:33 -------- d-----w- c:\program files\SoulseekNS
2013-02-04 11:26 . 2013-02-04 11:26 -------- d-----w- c:\program files\Common Files\Java
2013-02-04 11:26 . 2013-02-20 19:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-04 11:26 . 2013-02-20 19:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-04 11:25 . 2013-02-20 19:26 -------- d-----w- c:\program files\Java
2013-02-04 11:19 . 2013-02-04 11:23 -------- d-----w- c:\program files\uTorrent
2013-02-04 00:34 . 2013-02-04 00:37 -------- d-----w- c:\program files\HERI Editor
2013-02-03 22:53 . 2013-02-03 22:53 -------- d-----w- c:\programdata\Intel
2013-02-03 22:51 . 2012-07-12 18:56 55104 ----a-w- c:\windows\system32\drivers\HECI.sys
2013-02-03 22:31 . 2013-02-03 22:31 -------- d-----w- c:\windows\system32\WinFast
2013-02-03 22:20 . 2013-02-03 22:20 -------- d-----w- C:\NVIDIA
2013-02-03 22:14 . 2013-02-03 22:14 -------- d-----w- c:\windows\system32\RTCOM
2013-02-03 22:13 . 2009-11-19 00:42 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2013-02-03 22:13 . 2009-11-24 15:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2013-02-03 22:13 . 2009-11-24 15:55 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2013-02-03 22:13 . 2009-11-24 15:55 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2013-02-03 22:13 . 2009-11-24 15:55 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2013-02-03 21:48 . 2013-02-15 11:31 -------- d-----w- c:\programdata\DriverGenius
2013-02-03 21:47 . 2013-02-03 21:47 -------- d-----w- c:\program files\Driver-Soft
2013-02-03 20:51 . 1999-05-05 05:22 8944 ----a-w- c:\windows\system\USBSCAN.SYS
2013-02-03 20:51 . 2013-02-03 20:54 -------- d-----w- c:\program files\ScannerU
2013-02-03 20:45 . 2005-11-23 12:55 53248 ----a-w- c:\windows\system32\csnpstd2.dll
2013-02-03 20:44 . 2013-02-03 20:44 -------- d-----w- c:\windows\Album
2013-02-03 20:44 . 2013-02-03 20:44 -------- d-----w- c:\program files\Common Files\Trek310
2013-02-03 20:44 . 2007-06-26 09:06 343808 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2013-02-03 20:44 . 2007-04-13 12:52 307200 ----a-w- c:\windows\vsnpstd2.exe
2013-02-03 20:44 . 2007-03-29 14:07 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2013-02-03 20:44 . 2007-03-29 13:52 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2013-02-03 20:44 . 2004-09-24 15:24 57344 ----a-w- c:\windows\system32\rsnpstd2.dll
2013-02-03 20:44 . 2003-08-05 12:48 65536 ----a-w- c:\windows\amcap.exe
2013-02-03 20:44 . 2013-02-03 20:44 -------- d-----w- c:\program files\Trek 310
2013-02-03 12:09 . 2013-02-24 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-03 12:09 . 2013-02-03 12:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-02-03 11:29 . 2013-02-08 22:49 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-02-03 10:27 . 2012-11-01 09:21 27600 ----a-w- c:\windows\system32\drivers\CisUtMonitor.sys
2013-02-03 10:27 . 2013-02-03 10:27 -------- d-----w- c:\program files\Uninstall Tool
2013-02-02 21:53 . 2013-02-09 11:05 -------- d-----w- c:\program files\Opera
2013-02-02 15:15 . 2013-02-02 15:15 -------- d-----w- c:\program files\Portable
2013-02-02 15:03 . 2013-02-02 15:03 -------- d-----w- c:\program files\CleanMyPC
2013-02-02 11:23 . 2013-02-26 09:34 -------- d-----w- c:\programdata\ParetoLogic
2013-02-02 10:46 . 2013-02-02 10:46 -------- d-----w- c:\programdata\Registry Recycler
2013-02-02 10:46 . 2013-02-02 10:48 -------- d-----w- c:\program files\Registry Recycler
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 23:31 . 2013-02-12 23:30 12530398 ----a-w- c:\windows\REGBK00.ZIP
2013-02-01 03:20 . 2013-02-01 03:20 203776 ----a-w- c:\windows\system32\webcheck.dll
2013-01-24 21:43 . 2013-01-24 21:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 21:43 . 2013-01-24 21:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-24 21:42 . 2013-01-24 21:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-24 21:42 . 2013-01-24 21:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-01-16 18:51 . 2013-01-16 18:51 84416 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 18:51 . 2013-01-16 18:51 43216 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 18:51 . 2013-01-16 18:51 577816 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-01-16 18:51 . 2013-01-16 18:51 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-12-19 14:36 . 2012-12-19 14:36 104872 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-19 14:35 . 2012-12-19 14:35 116136 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 14:35 . 2012-12-19 14:35 175016 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 05:41 . 2012-12-31 09:39 96488 ----a-w- c:\windows\system32\drivers\L1C60x86.sys
2013-02-20 08:01 . 2013-02-20 08:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"AIMP3"="c:\program files\AIMP3\AIMP3.exe" [2013-02-01 1705416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
"cz.seznam.software.autoupdate"="c:\users\Timah\AppData\Roaming\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"Seznam Postak"="c:\users\Timah\AppData\Roaming\Seznam.cz\bin\postak.exe" [2012-12-19 323752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1430736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-12-13 11734240]
"snpstd2"="c:\windows\vsnpstd2.exe" [2007-04-13 307200]
"cFosSpeed"="c:\program files\cFosSpeed\CFSTR.exe" [2013-02-03 307784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
KYESCAN.lnk - c:\progra~1\ScannerU\KYESCAN.exe [2013-2-3 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3746376191-3457577884-898055052-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
rsmsvcs REG_MULTI_SZ ntmssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-22 14:53 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 22:08]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 22:08]
.
2013-02-24 c:\windows\Tasks\Registry Recycler Scheduled Scan - Timah.job
- c:\program files\Registry Recycler\RegistryRecycler.exe [2013-02-02 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = about:blank
TCP: DhcpNameServer = 83.240.0.214 83.240.0.136
TCP: Interfaces\{EFFE70C7-8980-4766-851E-9DC38AFCF5D8}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-29 01:24; captiondownloader@hiephm.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\captiondownloader@hiephm.com.xpi
FF - ExtSQL: 2013-01-09 16:10; omnibar@ajitk.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\omnibar@ajitk.com.xpi
FF - ExtSQL: 2013-01-16 14:50; {06997db0-c027-4d5f-bd37-b0d9230226ea}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi
FF - ExtSQL: 2013-01-16 14:54; CookiesIE@yahoo.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\CookiesIE@yahoo.com.xpi
FF - ExtSQL: 2013-01-16 22:20; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-01-16 22:42; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - ExtSQL: 2013-01-16 22:44; ipfuck@p4ul.info; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\ipfuck@p4ul.info.xpi
FF - ExtSQL: 2013-02-06 01:55; openlinkintab@piro.sakura.ne.jp; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\openlinkintab@piro.sakura.ne.jp.xpi
FF - ExtSQL: 2013-02-06 02:03; tabutilslite@ithinc.cn; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\tabutilslite@ithinc.cn.xpi
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.search.openintab - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 02:52
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4296)
c:\windows\system32\guard32.dll
c:\windows\system32\taskschd.dll
.
Celkový čas: 2013-02-27 02:54:34
ComboFix-quarantined-files.txt 2013-02-27 01:54
ComboFix2.txt 2013-02-27 00:04
.
Před spuštěním: Volných bajtů: 248 563 453 952
Po spuštění: Volných bajtů: 248 537 759 744
.
- - End Of File - - AD0FA3EC7A7ECD236825563FA453E8DA

1. Proč spouštíte CF, utilitu pro profesionály, bez předchozí konzultace s rádcem? Hodláte si zbořit systém?
2. Tyhle soubory jsou vedeny sice jako šmejdy, ale nikdy nebyla zjištěna u nic žádná nekalá činnost. Běžně se vy systému ponechávají. Na fóru najdete spoustu takových případů. Já je mám v PC také a ničemu nevadí a ani nepozoruji nějaké zpomalení. Ve vašem logu je nevidím. Chcete-li, přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
C:\WINDOWS\rundl123.exe
C:\WINDOWS\rundll16.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Firefox::
FF - ProfilePath - c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-29 01:24; captiondownloader@hiephm.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\captiondownloader@hiephm.com.xpi
FF - ExtSQL: 2013-01-09 16:10; omnibar@ajitk.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\omnibar@ajitk.com.xpi
FF - ExtSQL: 2013-01-16 14:50; {06997db0-c027-4d5f-bd37-b0d9230226ea}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi
FF - ExtSQL: 2013-01-16 14:54; CookiesIE@yahoo.com; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\CookiesIE@yahoo.com.xpi
FF - ExtSQL: 2013-01-16 22:20; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-01-16 22:42; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - ExtSQL: 2013-01-16 22:44; ipfuck@p4ul.info; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\ipfuck@p4ul.info.xpi
FF - ExtSQL: 2013-02-06 01:55; openlinkintab@piro.sakura.ne.jp; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\openlinkintab@piro.sakura.ne.jp.xpi
FF - ExtSQL: 2013-02-06 02:03; tabutilslite@ithinc.cn; c:\users\Timah\AppData\Roaming\Mozilla\Firefox\Profiles\b2dbnecj.default\extensions\tabutilslite@ithinc.cn.xpi
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.search.openintab - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Nic se nezměnilo, omlouvám se asi to byl planý poplach. Ja jen že Emsisoft Anti-Malware tak chválili na netu že jde do hloubky, tak jsem si myslel že i Emsisoft Emergency Kit bude dobrý. Jinak díky za vaš čas. Timah

Já bych zase doporučil jako jednorázový skener MBAM: http://www.malwarebytes.org/mbam.php . Umí rovněž hloubkový test. Je ale lépe si pak nechat zkotrolavt log u nás. V minulosti se párkrát stalo, že měl chybou detekci. Odhalí prakticky vše, kromě rootkitů.

Nemáte zač!