PC-HELP.CZ

Zdravím mám takový problém asi 3 dny zpět mi psal kámoš na fb anglicky a posílal nějaký odkaz od te doby mi blbne internet a na fb prý rozesílám nějaké zprávy ...... prosím o pomoc děkuji

Ajaj, další důvěřivec co stahuje potřebné "flash playery" a "kodeky"... Jak je komunikace přes FB rychlá, tak informace o této formě viru se tam asi jaksi nedostala

Udělej scan v HJT a zrovna udělej:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7248

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.7.2011 12:24:31
mbam-log-2011-07-23 (12-24-23).txt

Typ: Rychlá kontrola
Kontrolované objekty: 168211
Uplynulý čas: 4 minut, 22 sekund

Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 24

Infikované procesy v paměti:
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 2632 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> 2648 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 2656 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2964 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 3040 -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> 2972 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2520 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2384 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2336 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2760 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Windows\gbot111.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

Ahoj,

v mbamu vše smaž.

Stahni CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-nainstaluj (neinstaluj Yahoo toolbar)

-zvol záložku Čistič
-nechej v levém sloupečku zatrhnuté vše jak je a zmáčkni tlačítko analyzovat
-pak potvrď tlačítko Spustit Ccleaner
-tím se vyčistí počítač od dočasných soubborů, doporučuji pravidelně používat.

-vyber záložku registry
-klikni na tlačítko hledej problémy
-pak klikni na opravit vybrané problémy, potvrď, že chceš udělat zálohu a nech všechno opravit

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

ComboFix 11-07-23.04 - Šrot 24.07.2011 13:10:44.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2559.1573 [GMT 2:00]
Spuštěný z: c:\users\Őrot\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 11:17 . 2011-07-24 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 10:05 . 2011-07-24 10:05 -------- d-----w- c:\program files (x86)\CCleaner
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\Šrot\AppData\Local\Apps
2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Šrot\AppData\Local\ATI
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\users\Šrot\AppData\Roaming\Malwarebytes
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-23 09:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 09:22 . 2011-07-23 10:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-23 09:22 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 12:28 . 2011-07-22 12:54 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2011-07-21 21:08 . 2011-07-21 21:08 -------- d-----w- c:\program files (x86)\Bomberman
2011-07-19 21:05 . 2011-07-23 21:46 -------- d-----w- c:\users\Šrot\AppData\Local\ElevatedDiagnostics
2011-07-18 09:56 . 2011-07-18 09:56 -------- d-----w- c:\users\Šrot\AppData\Local\Pando_Temp
2011-07-18 09:27 . 2011-07-21 11:21 -------- d-----w- c:\program files (x86)\Crawler
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\ATI
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-07-16 12:19 . 2011-07-16 12:19 -------- d-----w- c:\windows\phoenix
2011-07-16 12:19 . 2011-07-16 12:19 -------- d-----w- c:\windows\ufa
2011-07-16 12:19 . 2011-07-17 19:40 246272 ----a-w- c:\windows\unrar.exe
2011-07-16 12:15 . 2011-07-21 11:24 -------- d-----w- c:\windows\av_ico
2011-07-16 12:14 . 2011-07-23 23:14 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-11 20:14 . 2011-07-11 22:01 78078224 ----a-w- C:\APB_Reloaded_Installer.exe
2011-07-11 20:14 . 2011-07-11 20:14 -------- d-----w- c:\users\Šrot\AppData\Local\GamersFirst LIVE!
2011-07-11 20:12 . 2011-07-12 11:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\program files\Speccy
2011-07-11 14:36 . 2011-07-11 14:36 -------- d-----w- c:\program files (x86)\EA Games
2011-07-11 14:24 . 2011-07-11 14:24 22 --sha-w- c:\users\Šrot\AppData\Roaming\Sys2662.Config.Repository.bin
2011-07-11 14:24 . 2011-07-18 09:46 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2011
2011-07-11 13:50 . 2011-07-11 13:50 -------- d-----w- c:\programdata\Blizzard
2011-07-08 22:07 . 2011-07-23 22:30 -------- d-----w- c:\users\Šrot\AppData\Roaming\gtk-2.0
2011-07-08 22:07 . 2011-07-08 22:07 -------- d-----w- c:\users\Šrot\.thumbnails
2011-07-08 22:02 . 2011-07-23 22:29 -------- d-----w- c:\users\Šrot\.gimp-2.6
2011-07-08 22:01 . 2011-07-08 22:01 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- c:\users\Šrot\AppData\Roaming\PunkBuster
2011-07-05 09:14 . 2011-07-05 09:19 -------- d-----w- c:\users\Šrot\AppData\Local\Ubisoft Game Launcher
2011-07-05 09:11 . 2011-07-08 12:35 -------- d-----w- c:\programdata\Ubisoft
2011-07-05 09:11 . 2011-07-05 09:11 -------- d-----w- c:\users\Šrot\AppData\Roaming\Ubisoft
2011-07-05 08:52 . 2011-07-08 12:02 -------- d-----w- c:\program files (x86)\Ubisoft
2011-06-30 13:25 . 2011-07-16 17:44 -------- d-----w- c:\users\Őrot
2011-06-30 12:01 . 2011-06-30 12:02 -------- d-----w- c:\users\Šrot\League of Legends
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Šrot\AppData\Roaming\Softpark
2011-06-30 11:12 . 2011-06-30 11:12 -------- d-----w- c:\windows\msagent
2011-06-30 11:12 . 2011-07-18 10:02 -------- d-----w- c:\program files (x86)\Virtual Hypnotist
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 09:25 . 2010-05-16 18:15 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-13 09:25 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 13:17 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-11 14:54 . 2010-05-16 18:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-01 14:11 . 2010-05-16 14:44 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 14:11 . 2010-05-16 14:44 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2011-03-09 04:55 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-07-13 21:59 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-02 11:07 . 2011-05-02 11:07 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 17:52 . 2011-04-26 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-04-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_17.39.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll
+ 2001-12-31 22:02 . 2011-07-21 08:22 84290 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-16 14:38 . 2011-07-23 23:18 35112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-23 23:18 33228 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-07-19 17:34 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys
+ 2010-07-07 09:26 . 2010-07-07 09:26 50696 c:\windows\system32\drivers\stflt.sys
+ 2009-07-14 04:46 . 2011-07-18 21:04 73016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 15:21 . 2011-07-24 11:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 15:21 . 2011-07-24 11:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-16 14:17 . 2011-07-23 23:18 4274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1662676032-305991344-2342897747-1000_UserData.bin
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-24 11:18 . 2011-07-24 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:36 . 2009-07-14 01:16 193024 c:\windows\SysWOW64\sppcomapi.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll
+ 2011-04-17 15:25 . 2011-07-24 10:02 250680 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-13 23:36 . 2009-07-14 01:41 231936 c:\windows\system32\sppcomapi.dll
+ 2009-07-14 02:36 . 2011-07-22 12:46 770310 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-22 12:46 253586 c:\windows\system32\perfc009.dat
+ 2009-07-26 18:41 . 2011-07-22 12:46 273470 c:\windows\system32\perfc005.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-19 17:34 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:38 . 2011-07-21 11:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2010-05-16 14:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2011-07-16 17:37 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-24 11:17 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-26 18:41 . 2011-07-22 12:46 1085550 c:\windows\system32\perfh005.dat
+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
+ 2010-05-16 14:54 . 2011-07-24 11:17 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-05-16 14:54 . 2011-07-16 17:38 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-07-12 11:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-19 14:38 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-05-16 399736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2011-06-02 38184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\ćrot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Messenger\Room\safedrv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-24 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-04-19 12:11]
.
2011-07-24 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-04-19 14:19]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 12:59]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 12:59]
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63818
IE: Crawler Search - tbr:iemenu
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Counter-Strike: Source Texture Pack 1.00 - c:\program files (x86)\Counter-Strike Source\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662676032-305991344-2342897747-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,f9,15,4c,ee,6a,02,bf,b1,12,49,05,1e,f1,9c,43,89,df,6a,43,41,
0f,89,cf,a1,15,b1,e9,b5,d6,70,35,43,6c,2c,d4,95,41,61,7f,14,b6,bc,46,34,ac,\
"rkeysecu"=hex:ae,c4,3f,0b,a2,db,62,ab,e6,e3,0d,9c,7b,2a,6c,2b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-07-24 13:23:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 11:23
.
Před spuštěním: Volných bajtů: 82 054 275 072
Po spuštění: Volných bajtů: 81 852 678 144
.
- - End Of File - - DEEC0596FEA2952D7B1F401F62A6E861

Tuto proxy používáš naschvál? 127.0.0.1:63818

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\users\Šrot\AppData\Local\Pando_Temp
c:\program files (x86)\Crawler
c:\windows\phoenix
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-8-0

File::
c:\windows\unrar.exe
c:\windows\system32\perfh009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\Tasks\AWC AutoSweep.job
c:\windows\Tasks\AWC Startup.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000000

DDS::
uLocal Page = c:\windows\system32\blank.htm
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
c:\windows\system32\user32.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

tuhle proxy naschvál nepoužívám :/

ComboFix 11-07-24.01 - Šrot 24.07.2011 19:12:55.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2559.1491 [GMT 2:00]
Spuštěný z: c:\users\Šrot\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Šrot\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
"c:\windows\Tasks\AWC AutoSweep.job"
"c:\windows\Tasks\AWC Startup.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\Crawler\Toolbar\ctbr.dll
c:\program files (x86)\Crawler
c:\program files (x86)\Crawler\Toolbar\adrkeys.dat
c:\program files (x86)\Crawler\Toolbar\confirm.dat
c:\program files (x86)\Crawler\Toolbar\ctbcomm.dll
c:\program files (x86)\Crawler\Toolbar\ctbr.dll
c:\program files (x86)\Crawler\Toolbar\CTConf.dat
c:\program files (x86)\Crawler\Toolbar\CTipsDef.dll
c:\program files (x86)\Crawler\Toolbar\CToolbar.exe
c:\program files (x86)\Crawler\Toolbar\CUpdate.exe
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_DA.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_SR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_DA.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files (x86)\Crawler\Toolbar\lookfor.dat
c:\program files (x86)\Crawler\Toolbar\majorse.dat
c:\program files (x86)\Crawler\Toolbar\rootmenu.dat
c:\program files (x86)\Crawler\Toolbar\services.dat
c:\program files (x86)\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files (x86)\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files (x86)\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files (x86)\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files (x86)\Crawler\Toolbar\Update\domains.cab
c:\program files (x86)\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_038.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_038_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_039.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_039_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_040.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_040_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_041.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_041_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\wfilter.dat
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\7cb0f166249a395018a0ba29499be869.elf
c:\windows\phoenix\kernels\phatk\84f949cbbea81fc16797f949f4b8dbd2.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\20d144adcba2016014ae500df5ed9ed7.elf
c:\windows\phoenix\kernels\poclbm\56546a11f1f10a1e3d10e931c71cb1a2.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\Tasks\AWC AutoSweep.job
c:\windows\Tasks\AWC Startup.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 17:19 . 2011-07-24 17:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-24 17:19 . 2011-07-24 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 17:11 . 2011-07-24 17:11 -------- d-----w- C:\32788R22FWJFW
2011-07-24 10:05 . 2011-07-24 10:05 -------- d-----w- c:\program files (x86)\CCleaner
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\Šrot\AppData\Local\Apps
2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Šrot\AppData\Local\ATI
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\users\Šrot\AppData\Roaming\Malwarebytes
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-23 09:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 09:22 . 2011-07-23 10:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-23 09:22 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 12:28 . 2011-07-22 12:54 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2011-07-21 21:08 . 2011-07-21 21:08 -------- d-----w- c:\program files (x86)\Bomberman
2011-07-19 21:05 . 2011-07-23 21:46 -------- d-----w- c:\users\Šrot\AppData\Local\ElevatedDiagnostics
2011-07-18 09:56 . 2011-07-18 09:56 -------- d-----w- c:\users\Šrot\AppData\Local\Pando_Temp
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\ATI
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-07-11 20:14 . 2011-07-11 22:01 78078224 ----a-w- C:\APB_Reloaded_Installer.exe
2011-07-11 20:14 . 2011-07-11 20:14 -------- d-----w- c:\users\Šrot\AppData\Local\GamersFirst LIVE!
2011-07-11 20:12 . 2011-07-12 11:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\program files\Speccy
2011-07-11 14:36 . 2011-07-11 14:36 -------- d-----w- c:\program files (x86)\EA Games
2011-07-11 14:24 . 2011-07-11 14:24 22 --sha-w- c:\users\Šrot\AppData\Roaming\Sys2662.Config.Repository.bin
2011-07-11 14:24 . 2011-07-18 09:46 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2011
2011-07-11 13:50 . 2011-07-11 13:50 -------- d-----w- c:\programdata\Blizzard
2011-07-08 22:07 . 2011-07-23 22:30 -------- d-----w- c:\users\Šrot\AppData\Roaming\gtk-2.0
2011-07-08 22:07 . 2011-07-08 22:07 -------- d-----w- c:\users\Šrot\.thumbnails
2011-07-08 22:02 . 2011-07-23 22:29 -------- d-----w- c:\users\Šrot\.gimp-2.6
2011-07-08 22:01 . 2011-07-08 22:01 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- c:\users\Šrot\AppData\Roaming\PunkBuster
2011-07-05 09:14 . 2011-07-05 09:19 -------- d-----w- c:\users\Šrot\AppData\Local\Ubisoft Game Launcher
2011-07-05 09:11 . 2011-07-08 12:35 -------- d-----w- c:\programdata\Ubisoft
2011-07-05 09:11 . 2011-07-05 09:11 -------- d-----w- c:\users\Šrot\AppData\Roaming\Ubisoft
2011-07-05 08:52 . 2011-07-08 12:02 -------- d-----w- c:\program files (x86)\Ubisoft
2011-06-30 13:25 . 2011-07-16 17:44 -------- d-----w- c:\users\Őrot
2011-06-30 12:01 . 2011-06-30 12:02 -------- d-----w- c:\users\Šrot\League of Legends
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Šrot\AppData\Roaming\Softpark
2011-06-30 11:12 . 2011-06-30 11:12 -------- d-----w- c:\windows\msagent
2011-06-30 11:12 . 2011-07-18 10:02 -------- d-----w- c:\program files (x86)\Virtual Hypnotist
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 09:25 . 2010-05-16 18:15 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-13 09:25 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 13:17 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-11 14:54 . 2010-05-16 18:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-01 14:11 . 2010-05-16 14:44 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 14:11 . 2010-05-16 14:44 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2011-03-09 04:55 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-07-13 21:59 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-02 11:07 . 2011-05-02 11:07 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 17:52 . 2011-04-26 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-04-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_17.39.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll
+ 2001-12-31 22:02 . 2011-07-21 08:22 84290 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-16 14:38 . 2011-07-24 17:05 35582 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-07-19 17:34 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys
+ 2010-07-07 09:26 . 2010-07-07 09:26 50696 c:\windows\system32\drivers\stflt.sys
+ 2010-05-16 14:13 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 14:13 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 14:13 . 2011-07-16 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-16 14:13 . 2011-07-24 12:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-07-18 21:04 73016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 15:21 . 2011-07-24 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-16 15:21 . 2011-07-24 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-24 17:21 . 2011-07-24 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-24 17:21 . 2011-07-24 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:36 . 2009-07-14 01:16 193024 c:\windows\SysWOW64\sppcomapi.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll
+ 2011-04-17 15:25 . 2011-07-24 16:39 251256 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-13 23:36 . 2009-07-14 01:41 231936 c:\windows\system32\sppcomapi.dll
+ 2009-07-14 02:36 . 2011-07-22 12:46 770310 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-22 12:46 253586 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-19 17:34 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:38 . 2010-05-16 14:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-07-21 11:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2011-07-16 17:37 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-24 17:20 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
- 2010-05-16 14:54 . 2011-07-16 17:38 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-05-16 14:54 . 2011-07-24 17:20 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-07-12 11:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-24 16:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-05-16 399736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2011-06-02 38184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\ćrot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Messenger\Room\safedrv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63818
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-CToolbar_UNINSTALL - c:\progra~2\Crawler\Toolbar\CToolbar.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662676032-305991344-2342897747-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,f9,15,4c,ee,6a,02,bf,b1,12,49,05,1e,f1,9c,43,89,df,6a,43,41,
0f,89,cf,a1,15,b1,e9,b5,d6,70,35,43,6c,2c,d4,95,41,61,7f,14,b6,bc,46,34,ac,\
"rkeysecu"=hex:ae,c4,3f,0b,a2,db,62,ab,e6,e3,0d,9c,7b,2a,6c,2b
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\users\c:\users\c:\users\c:\users\c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-07-24 19:25:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 17:25
ComboFix2.txt 2011-07-24 11:23
.
Před spuštěním: Volných bajtů: 78 852 026 368
Po spuštění: Volných bajtů: 78 755 807 232
.
- - End Of File - - 4945B856E49D827FAA1736D3E055E4A6

Scan s VIrusTotal
1.http://www.virustotal.com/file-scan/rep ... 1311528751
2.http://www.virustotal.com/file-scan/rep ... 1311527866

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
C:\32788R22FWJFW

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:63818

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

ComboFix 11-07-24.01 - Šrot 24.07.2011 19:59:58.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2559.1625 [GMT 2:00]
Spuštěný z: c:\users\Őrot\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Őrot\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 18:05 . 2011-07-24 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-24 18:05 . 2011-07-24 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 10:05 . 2011-07-24 10:05 -------- d-----w- c:\program files (x86)\CCleaner
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\Šrot\AppData\Local\Apps
2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Šrot\AppData\Local\ATI
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\users\Šrot\AppData\Roaming\Malwarebytes
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-23 09:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 09:22 . 2011-07-23 10:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-23 09:22 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 12:28 . 2011-07-22 12:54 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2011-07-21 21:08 . 2011-07-21 21:08 -------- d-----w- c:\program files (x86)\Bomberman
2011-07-19 21:05 . 2011-07-23 21:46 -------- d-----w- c:\users\Šrot\AppData\Local\ElevatedDiagnostics
2011-07-18 09:56 . 2011-07-18 09:56 -------- d-----w- c:\users\Šrot\AppData\Local\Pando_Temp
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\ATI
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-07-11 20:14 . 2011-07-11 22:01 78078224 ----a-w- C:\APB_Reloaded_Installer.exe
2011-07-11 20:14 . 2011-07-11 20:14 -------- d-----w- c:\users\Šrot\AppData\Local\GamersFirst LIVE!
2011-07-11 20:12 . 2011-07-12 11:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\program files\Speccy
2011-07-11 14:36 . 2011-07-11 14:36 -------- d-----w- c:\program files (x86)\EA Games
2011-07-11 14:24 . 2011-07-11 14:24 22 --sha-w- c:\users\Šrot\AppData\Roaming\Sys2662.Config.Repository.bin
2011-07-11 14:24 . 2011-07-18 09:46 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2011
2011-07-11 13:50 . 2011-07-11 13:50 -------- d-----w- c:\programdata\Blizzard
2011-07-08 22:07 . 2011-07-23 22:30 -------- d-----w- c:\users\Šrot\AppData\Roaming\gtk-2.0
2011-07-08 22:07 . 2011-07-08 22:07 -------- d-----w- c:\users\Šrot\.thumbnails
2011-07-08 22:02 . 2011-07-23 22:29 -------- d-----w- c:\users\Šrot\.gimp-2.6
2011-07-08 22:01 . 2011-07-08 22:01 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- c:\users\Šrot\AppData\Roaming\PunkBuster
2011-07-05 09:14 . 2011-07-05 09:19 -------- d-----w- c:\users\Šrot\AppData\Local\Ubisoft Game Launcher
2011-07-05 09:11 . 2011-07-08 12:35 -------- d-----w- c:\programdata\Ubisoft
2011-07-05 09:11 . 2011-07-05 09:11 -------- d-----w- c:\users\Šrot\AppData\Roaming\Ubisoft
2011-07-05 08:52 . 2011-07-08 12:02 -------- d-----w- c:\program files (x86)\Ubisoft
2011-06-30 13:25 . 2011-07-16 17:44 -------- d-----w- c:\users\Őrot
2011-06-30 12:01 . 2011-06-30 12:02 -------- d-----w- c:\users\Šrot\League of Legends
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Šrot\AppData\Roaming\Softpark
2011-06-30 11:12 . 2011-06-30 11:12 -------- d-----w- c:\windows\msagent
2011-06-30 11:12 . 2011-07-18 10:02 -------- d-----w- c:\program files (x86)\Virtual Hypnotist
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 09:25 . 2010-05-16 18:15 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-13 09:25 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 13:17 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-11 14:54 . 2010-05-16 18:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-01 14:11 . 2010-05-16 14:44 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 14:11 . 2010-05-16 14:44 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2011-03-09 04:55 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-07-13 21:59 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-02 11:07 . 2011-05-02 11:07 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 17:52 . 2011-04-26 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-04-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_17.39.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll
+ 2001-12-31 22:02 . 2011-07-21 08:22 84290 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-16 14:38 . 2011-07-24 17:22 35760 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-24 17:22 14280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-07-19 17:34 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys
+ 2010-07-07 09:26 . 2010-07-07 09:26 50696 c:\windows\system32\drivers\stflt.sys
+ 2010-05-16 14:13 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 14:13 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 14:13 . 2011-07-16 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-16 14:13 . 2011-07-24 12:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-07-18 21:04 73016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-05-16 15:21 . 2011-07-24 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 15:21 . 2011-07-24 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-24 18:06 . 2011-07-24 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-24 18:06 . 2011-07-24 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:36 . 2009-07-14 01:16 193024 c:\windows\SysWOW64\sppcomapi.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll
+ 2011-04-17 15:25 . 2011-07-24 16:39 251256 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-13 23:36 . 2009-07-14 01:41 231936 c:\windows\system32\sppcomapi.dll
+ 2009-07-14 02:36 . 2011-07-22 12:46 770310 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-22 12:46 253586 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-19 17:34 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:38 . 2010-05-16 14:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-07-21 11:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2011-07-16 17:37 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-24 18:05 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
+ 2010-05-16 14:54 . 2011-07-24 17:20 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-05-16 14:54 . 2011-07-16 17:38 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2011-07-24 16:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-07-12 11:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-05-16 399736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2011-06-02 38184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\ćrot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Messenger\Room\safedrv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63818
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662676032-305991344-2342897747-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,f9,15,4c,ee,6a,02,bf,b1,12,49,05,1e,f1,9c,43,89,df,6a,43,41,
0f,89,cf,a1,15,b1,e9,b5,d6,70,35,43,6c,2c,d4,95,41,61,7f,14,b6,bc,46,34,ac,\
"rkeysecu"=hex:ae,c4,3f,0b,a2,db,62,ab,e6,e3,0d,9c,7b,2a,6c,2b
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-07-24 20:10:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 18:10
ComboFix2.txt 2011-07-24 17:25
ComboFix3.txt 2011-07-24 11:23
.
Před spuštěním: Volných bajtů: 78 783 131 648
Po spuštění: Volných bajtů: 78 755 000 320
.
- - End Of File - - 9006508C21B31B6623BEDA47142A6CDA

Proxy nezmizela

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:63818

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

ComboFix 11-07-24.01 - Šrot 24.07.2011 20:31:33.8.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2559.1587 [GMT 2:00]
Spuštěný z: c:\users\Őrot\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Őrot\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 18:36 . 2011-07-24 18:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-24 18:36 . 2011-07-24 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-24 10:05 . 2011-07-24 10:05 -------- d-----w- c:\program files (x86)\CCleaner
2011-07-23 23:41 . 2011-07-23 23:41 -------- d-----w- c:\users\Šrot\AppData\Local\Apps
2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Šrot\AppData\Local\ATI
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\users\Šrot\AppData\Roaming\Malwarebytes
2011-07-23 09:23 . 2011-07-23 09:23 -------- d-----w- c:\programdata\Malwarebytes
2011-07-23 09:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 09:22 . 2011-07-23 10:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-23 09:22 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 12:28 . 2011-07-22 12:54 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2011-07-21 21:08 . 2011-07-21 21:08 -------- d-----w- c:\program files (x86)\Bomberman
2011-07-19 21:05 . 2011-07-23 21:46 -------- d-----w- c:\users\Šrot\AppData\Local\ElevatedDiagnostics
2011-07-18 09:56 . 2011-07-18 09:56 -------- d-----w- c:\users\Šrot\AppData\Local\Pando_Temp
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\ATI
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-07-16 12:36 . 2011-07-16 12:36 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-07-11 20:14 . 2011-07-11 22:01 78078224 ----a-w- C:\APB_Reloaded_Installer.exe
2011-07-11 20:14 . 2011-07-11 20:14 -------- d-----w- c:\users\Šrot\AppData\Local\GamersFirst LIVE!
2011-07-11 20:12 . 2011-07-12 11:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\program files\Speccy
2011-07-11 14:36 . 2011-07-11 14:36 -------- d-----w- c:\program files (x86)\EA Games
2011-07-11 14:24 . 2011-07-11 14:24 22 --sha-w- c:\users\Šrot\AppData\Roaming\Sys2662.Config.Repository.bin
2011-07-11 14:24 . 2011-07-18 09:46 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2011
2011-07-11 13:50 . 2011-07-11 13:50 -------- d-----w- c:\programdata\Blizzard
2011-07-08 22:07 . 2011-07-23 22:30 -------- d-----w- c:\users\Šrot\AppData\Roaming\gtk-2.0
2011-07-08 22:07 . 2011-07-08 22:07 -------- d-----w- c:\users\Šrot\.thumbnails
2011-07-08 22:02 . 2011-07-23 22:29 -------- d-----w- c:\users\Šrot\.gimp-2.6
2011-07-08 22:01 . 2011-07-08 22:01 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- c:\users\Šrot\AppData\Roaming\PunkBuster
2011-07-05 09:14 . 2011-07-05 09:19 -------- d-----w- c:\users\Šrot\AppData\Local\Ubisoft Game Launcher
2011-07-05 09:11 . 2011-07-08 12:35 -------- d-----w- c:\programdata\Ubisoft
2011-07-05 09:11 . 2011-07-05 09:11 -------- d-----w- c:\users\Šrot\AppData\Roaming\Ubisoft
2011-07-05 08:52 . 2011-07-08 12:02 -------- d-----w- c:\program files (x86)\Ubisoft
2011-06-30 13:25 . 2011-07-16 17:44 -------- d-----w- c:\users\Őrot
2011-06-30 12:01 . 2011-06-30 12:02 -------- d-----w- c:\users\Šrot\League of Legends
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Šrot\AppData\Roaming\Softpark
2011-06-30 11:12 . 2011-06-30 11:12 -------- d-----w- c:\windows\msagent
2011-06-30 11:12 . 2011-07-18 10:02 -------- d-----w- c:\program files (x86)\Virtual Hypnotist
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 09:25 . 2010-05-16 18:15 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-13 09:25 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 13:17 . 2010-05-16 18:11 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-11 14:54 . 2010-05-16 18:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-01 14:11 . 2010-05-16 14:44 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 14:11 . 2010-05-16 14:44 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-05-25 03:07 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2011-03-09 04:55 811008 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-07-13 21:59 5008384 ----a-w- c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-02 11:07 . 2011-05-02 11:07 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 17:52 . 2011-04-26 17:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-04-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_17.39.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 17:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll
+ 2001-12-31 22:02 . 2011-07-21 08:22 84290 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-16 14:38 . 2011-07-24 18:08 36156 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-24 18:08 16328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-07-19 17:34 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys
+ 2010-07-07 09:26 . 2010-07-07 09:26 50696 c:\windows\system32\drivers\stflt.sys
- 2010-05-16 14:13 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 14:13 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 14:13 . 2011-07-24 12:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-16 14:13 . 2011-07-16 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-24 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-07-18 21:04 73016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-16 15:21 . 2011-07-24 18:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-16 15:21 . 2011-07-16 17:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-16 15:21 . 2011-07-24 18:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-24 18:37 . 2011-07-24 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-16 17:39 . 2011-07-16 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:36 . 2009-07-14 01:16 193024 c:\windows\SysWOW64\sppcomapi.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll
+ 2011-04-17 15:25 . 2011-07-24 16:39 251256 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-13 23:36 . 2009-07-14 01:41 231936 c:\windows\system32\sppcomapi.dll
+ 2009-07-14 02:36 . 2011-07-22 12:46 770310 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-22 12:46 253586 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-07-16 12:37 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-19 17:34 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:38 . 2011-07-21 11:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2010-05-16 14:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2011-07-16 17:37 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-24 18:36 277780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
- 2010-05-16 14:54 . 2011-07-16 17:38 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-05-16 14:54 . 2011-07-24 17:20 1635280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2011-07-24 16:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-07-12 11:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-05-16 399736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2011-06-02 38184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\ćrot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Messenger\Room\safedrv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63818
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662676032-305991344-2342897747-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,f9,15,4c,ee,6a,02,bf,b1,12,49,05,1e,f1,9c,43,89,df,6a,43,41,
0f,89,cf,a1,15,b1,e9,b5,d6,70,35,43,6c,2c,d4,95,41,61,7f,14,b6,bc,46,34,ac,\
"rkeysecu"=hex:ae,c4,3f,0b,a2,db,62,ab,e6,e3,0d,9c,7b,2a,6c,2b
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-07-24 20:41:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 18:41
ComboFix2.txt 2011-07-24 18:10
ComboFix3.txt 2011-07-24 17:25
ComboFix4.txt 2011-07-24 11:23
.
Před spuštěním: Volných bajtů: 78 752 108 544
Po spuštění: Volných bajtů: 78 763 929 600
.
- - End Of File - - 66A8370E0703DB774992ACEA909276B7

ee, nechce se mu. Zkus to sám ručně http://osi.vse.cz/jarovnet/pruvodce/vyp ... -explorer/

PC-HELP.CZ

Virus? Zlobí internet a rozesílám zprávy přes FB..

Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus ?

Re: Virus ?

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..

Re: Virus? Zlobí internet a rozesílám zprávy přes FB..