Viz z Facebooku

[WetterT.]

Dobrý den, chtěl bych Vás poprosit o pomoc, jak vidím nejsem první a nejspíš ani poslední. Chytil jsem zakeřný vir z facebooku, kde mě odkázali na video z youtube s nutností aktualizace adobe flash player. Niže posilam RSIT log. Budu vděčný za každou pomoc. Wetter
_________________________________________________________________________________________________________________
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2011-07-21 19:41:32
Microsoft Windows 7 Home Premium
System drive C: has 177 GB (61%) free of 291 GB
Total RAM: 3835 MB (38% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe"
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\update.5.0\svchost.exe srv
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\rundll32.exe" "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE"
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Users\Tomáš\AppData\Roaming\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3032
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files\Motorola\Bluetooth\obexsrv.exe"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Motorola\Bluetooth\audiosrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Windows\systemup.exe" stand
"C:\Windows\l1rezerv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=SYSTRAY
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>732536244</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\update.tray-2-0-lnk\svchost.exe" tray 2-0 1
"H:\OTL.exe"
"taskhost.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-36a3dc55-d330-4427-854d-c716e4269218 -SystemEventPortName:HostProcess-efa8c71d-bd97-4903-a2fc-c532748947e1 -IoCancelEventPortName:HostProcess-a04cc00a-34b9-413e-a54d-b25253147f7f -NonStateChangingEventPortName:HostProcess-fecd29f8-2881-4203-8b40-22b092eda5f4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d4ce49e3-0bcb-48c5-90f2-8bd1d8aac5dc
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"H:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForTomáš.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-05 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-10 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20 1581376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"=C:\Program Files\Motorola\Bluetooth\btmshell.dll [2010-03-10 20451592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-12 2107176]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-14 6234144]
"RtkOSD"=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [2010-01-12 995840]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-01-18 451072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-05-05 172032]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-09 1712184]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-10-09 25623336]
"QIP Internet Guardian"=C:\Users\Tomáš\AppData\Roaming\QipGuard\QipGuard.exe [2010-09-10 190928]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-09-12 327472]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Infium"=C:\Program Files (x86)\QIP 2010\qip.exe [2010-09-10 5809616]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-29 98304]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-01-25 61112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-2-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5223470.exe"=C:\Windows\TEMP\5223470.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-21 245760]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-21 245760]
"3123026.exe"=C:\Users\Tomáš\AppData\Local\Temp\3123026.exe [2011-07-21 245760]
"9305217.exe"=C:\Windows\TEMP\9305217.exe []
"5090084.exe"=C:\Windows\TEMP\5090084.exe []
"systemup"=C:\Windows\systemup.exe [2011-07-21 114176]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-21 110592]

C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CodeMeter Control Center.lnk - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-05-05 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
"C:\Users\Tomáš\AppData\Local\Opera\Opera\temporary_downloads\Flash-Player.exe"="C:\Users\Tomáš\AppData\Local\Opera\Opera\temporary_downloads\Flash-Player.exe:*:Enabled:C:\Users\Tomáš\AppData\Local\Opera\Opera\temporary_downloads\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\update.tray-2-0\svchost.exe"="C:\Windows\update.tray-2-0\svchost.exe:*:Enabled:C:\Windows\update.tray-2-0\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-21 19:41:33 ----D---- C:\Program Files\trend micro
2011-07-21 19:41:32 ----D---- C:\rsit
2011-07-21 18:49:40 ----SD---- C:\potvůrka
2011-07-21 18:31:59 ----D---- C:\Windows\ERDNT
2011-07-21 18:31:55 ----D---- C:\Qoobox
2011-07-21 18:31:48 ----SD---- C:\32788R22FWJFW
2011-07-21 17:40:09 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-21 17:40:09 ----HD---- C:\Windows\update.tray-7-0
2011-07-21 16:31:23 ----HD---- C:\ProgramData\Common Files
2011-07-21 16:16:58 ----D---- C:\Windows\ufa
2011-07-21 16:16:58 ----D---- C:\Windows\rpcminer
2011-07-21 16:16:58 ----D---- C:\Windows\phoenix
2011-07-21 16:13:11 ----D---- C:\ProgramData\MFAData
2011-07-21 16:05:26 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 16:05:17 ----D---- C:\Windows\system64
2011-07-21 16:05:16 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 16:05:04 ----A---- C:\Windows\systemup.exe
2011-07-21 16:04:00 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 16:03:42 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 16:03:39 ----HD---- C:\Windows\update.2
2011-07-21 16:03:24 ----A---- C:\Windows\unrar.exe
2011-07-21 16:03:07 ----HD---- C:\Windows\update.5.0
2011-07-21 16:03:03 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 16:02:58 ----A---- C:\Windows\iplist.txt
2011-07-21 16:02:49 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 16:02:31 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 16:00:36 ----D---- C:\Windows\av_ico
2011-07-21 15:58:02 ----HD---- C:\Windows\update.1
2011-07-21 15:58:00 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-21 15:58:00 ----HD---- C:\Windows\update.tray-2-0
2011-07-21 15:48:00 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 15:48:00 ----A---- C:\Windows\winlog-dirs.txt
2011-07-13 22:18:09 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 22:18:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 22:18:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 22:18:08 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 22:18:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 22:18:05 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 22:18:03 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 22:18:03 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 22:18:00 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 22:17:55 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 22:17:55 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 22:17:54 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 22:17:54 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 22:17:54 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 22:17:54 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 22:17:54 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 22:17:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 22:17:53 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 22:17:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 22:17:53 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 22:17:53 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 22:17:50 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-01 00:33:10 ----D---- C:\ed15882ae3f53a020576fa7f3332
2011-06-30 13:17:58 ----D---- C:\8463b3292477e54c55ea06f674
2011-06-29 09:32:34 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 09:32:33 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 09:32:33 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 09:32:33 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 09:32:33 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 09:32:31 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 09:32:29 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 09:32:29 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 09:32:29 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 09:32:28 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 09:32:28 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 09:32:27 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 09:32:27 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 09:32:27 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 09:32:27 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 09:32:26 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 09:32:26 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 09:32:26 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 09:32:26 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 09:32:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 09:32:26 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 09:32:26 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 09:32:26 ----A---- C:\Windows\system32\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-22 05:05:19 ----D---- C:\Windows\system32\config
2011-07-22 05:05:17 ----D---- C:\Windows\Tasks
2011-07-22 05:05:17 ----D---- C:\Windows\SysWOW64
2011-07-22 05:05:17 ----D---- C:\Windows\system32\wfp
2011-07-22 05:05:17 ----D---- C:\Windows\system32\DriverStore
2011-07-22 05:05:17 ----D---- C:\Windows\system32\drivers\etc
2011-07-22 05:05:17 ----D---- C:\Windows\system32\cs-CZ
2011-07-22 05:05:17 ----D---- C:\Windows\system32\catroot2
2011-07-22 05:05:17 ----D---- C:\Windows
2011-07-22 05:05:16 ----D---- C:\Windows\system32\wbem
2011-07-22 05:05:16 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-22 05:05:14 ----D---- C:\Windows\inf
2011-07-22 05:05:06 ----HD---- C:\ProgramData
2011-07-22 05:05:06 ----D---- C:\ProgramData\FLEXnet
2011-07-22 05:05:03 ----D---- C:\Windows\registration
2011-07-22 05:04:59 ----D---- C:\Windows\system32\drivers
2011-07-22 05:04:56 ----SHD---- C:\Windows\Installer
2011-07-22 05:04:55 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2011-07-22 05:04:07 ----SHD---- C:\$Recycle.Bin
2011-07-22 05:01:33 ----SHD---- C:\System Volume Information
2011-07-21 19:41:35 ----D---- C:\Windows\Temp
2011-07-21 19:41:33 ----RD---- C:\Program Files
2011-07-21 19:20:39 ----D---- C:\Windows\System32
2011-07-21 19:20:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-21 19:06:38 ----D---- C:\Users\Tomáš\AppData\Roaming\uTorrent
2011-07-21 19:06:23 ----D---- C:\Windows\tracing
2011-07-21 16:06:03 ----SD---- C:\ProgramData\Microsoft
2011-07-21 16:04:04 ----D---- C:\Windows\Prefetch
2011-07-20 14:13:38 ----D---- C:\Program Files (x86)\Opera
2011-07-14 10:33:12 ----D---- C:\Windows\winsxs
2011-07-14 10:29:29 ----D---- C:\Windows\AppPatch
2011-07-14 01:35:14 ----A---- C:\Windows\system32\MRT.exe
2011-07-14 01:35:08 ----SHD---- C:\Config.Msi
2011-07-14 01:35:05 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 22:17:43 ----D---- C:\Windows\system32\catroot
2011-07-01 10:02:56 ----D---- C:\Windows\Microsoft.NET
2011-07-01 10:02:55 ----RSD---- C:\Windows\assembly
2011-06-29 17:45:49 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-09 513080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-29 6405632]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-29 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-14 2291616]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-04-13 925536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-12 316464]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a5544fi9;a5544fi9; C:\Windows\system32\drivers\a5544fi9.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTMCOM;Bluetooth Serial Port; C:\Windows\System32\Drivers\btmcom.sys [2010-03-01 52224]
S3 BTMUSB;Motorola Bluetooth Radio Service; C:\Windows\System32\Drivers\btmusb.sys [2010-03-05 464384]
S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB_x64.sys [2009-05-12 20480]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2007-08-09 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-29 202752]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 661768]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2009-08-19 1705280]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-01-25 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-21 340992]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-21 483328]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-21 245760]
R2 VodafoneConnectorService;Vodafone Connector Service; C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [2009-01-26 233472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-21 1178112]
R3 Bluetooth Device Manager;Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 4163848]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 1040136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-06 1028096]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-06 647680]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-01-04 238328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

[Rudy]

Máte ho opravdu tam. Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[WetterT.]

Děkuju za odbanovani.
Při prohlížení Combofixem se počitač restartoval a při najiždění systému naběhla stránka opravy systému. Běžné zapnutí systému nefugovalo tak jsem zadal opravu a obnovení systému. Systém nakonec naskočil ale dál se nic nedělo. Vir si stále hoví v mem PC..

[Rudy]

Děkuju za odbanovani.

Žádné nastavení jsem neměnil. Přečtěte si mail.

Můžete dát log z CF? Měl by být v C:\comobfix.txt .

[WetterT.]

ComboFix 11-07-21.02 - Tomáš 21.07.2011 19:55:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3835.1359 [GMT 2:00]
Spuštěný z: C:\Users\TomßÜ\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

[motji]

Omluva za vstup
Ten log není uplný. Použijte Rkill a znovu combofix.

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com



Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

- Ted nerestartujte počítač!



Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
- přejmenujte combofix na potvůrka.com

[WetterT.]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22.07.2011 at 16:12:01.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\TomáC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe


Rkill completed on 22.07.2011 at 16:12:15.
___________________________________________________________________________________________
ComboFix 11-07-22.02 - Tomáš 22.07.2011 16:55:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3835.1359 [GMT 2:00]
Spuštěný z: C:\Users\TomßÜ\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
___________________________________________________________________________________________

Vir pořád přetrvává. Možná bude problém i v tom, že když projíždím pc těmito programy tak nakonci se mi pc
restartuje a zapne se obnovení systému. Při obnovení se ale pc jakobý vrátí v čase tam, kde všechno ještě fungovalo.
Takže mi zmizely i nějaké věci, které jsem instaloval nedávno..

[motji]

Můžete do nouzového režimu?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[WetterT.]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.7.2011 11:34:22
mbam-log-2011-07-23 (11-34-04).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|F:\|G:\|H:\|)
Testované objekty: 421205
Uplynulý čas: 47 minut, 6 sekund

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
c:\Windows\systemup.exe (Trojan.FakeAlert) -> 4700 -> No action taken.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Agent) -> 3808 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.FakeAlert) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Tomáš\documents\programy\WinRAR\crack.exe (Malware.Packer.Gen) -> No action taken.
c:\Windows\systemup.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Agent) -> No action taken.
_______________________________________________________________________________________________________________

Nouzový režim jde zapnout ale vydrží jen 10 sec. než se počitač restartuje

[motji]

V mbamu vše smažte.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[WetterT.]

při prohledávání nastala chyba s vytvořením souboru.. Přikládám print screen.

[WetterT.]

Ani jeden soubor se určitě nevytvořil, nechal jsem prohledat pc a nic..

[motji]

Zkuste ho spustit v nouzovém režimu.

[WetterT.]

v nouzovém režimu to nejde.. když najedu do nouzového režimu, vydrží to max. 10 sekund a pc se automaticky restartuje

[motji]

Fajn, v první řadě si zazálohujte data

Pak spustte OTL bez skriptu