Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Problém s virem z FB.

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Problém s virem z FB.

#1 Příspěvek od Jakub888 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jakub at 2011-08-27 18:54:27
Microsoft Windows 7 Home Premium
System drive C: has 406 GB (88%) free of 464 GB
Total RAM: 3767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:35, on 27.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\O2\O2CZ\EMMSN.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\systemup.exe
C:\Windows\l1rezerv.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\O2\Nori\Nori.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jakub.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4742c41n
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5f4742c41n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4742c41n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5f4742c41n
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [O2CZ] "C:\Program Files (x86)\O2\O2CZ\EMMSN.exe" -systray
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [POPUPTV] C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-10-0\svchost.exe
O4 - HKLM\..\Run: [7261507.exe] "C:\Windows\Temp\7261507.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [2632045.exe] "C:\Users\Jakub\AppData\Local\Temp\2632045.exe"
O4 - HKLM\..\Run: [1664598.exe] "C:\Windows\Temp\1664598.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [47675212-loader2.exe] "C:\Windows\Temp\47675212-loader2.exe"
O4 - HKLM\..\Run: [8690771.exe] "C:\Windows\Temp\8690771.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{049F22D1-D57D-4420-AA23-F18094A9FDF2}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{049F22D1-D57D-4420-AA23-F18094A9FDF2}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS2\Services\Tcpip\..\{049F22D1-D57D-4420-AA23-F18094A9FDF2}: NameServer = 160.218.161.60 194.228.211.33
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 13967 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\O2\O2CZ\EMMSN.exe" -systray
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Windows\systemup.exe" stand
"C:\Windows\l1rezerv.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\O2\Nori\Nori.exe" -Embedding
"C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe"
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-97c65486-f5fe-4b73-8b50-cf460f81f96a -SystemEventPortName:HostProcess-e1f14a17-fc64-4a29-b564-6c3024a4e92a -IoCancelEventPortName:HostProcess-e755b521-558a-4d78-bfee-495fa40a5b91 -NonStateChangingEventPortName:HostProcess-3ed689e8-9d37-4cc4-835a-c1dc57f175f6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:27459781-33ca-46d3-8ee1-ab38c9480cd0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.0282ADC0.918818258 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Jakub\AppData\Local\Google\Chrome\APPLIC~1\130782~1.215\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Jakub\AppData\Local\Google\Chrome\Application\13.0.782.215\gcswf32.dll" --lang=cs --channel=4548.07F17E00.604643598 --flash-broker=6052 /prefetch:4
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.09AAE160.1519397280 /prefetch:3
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.09AD12C0.88157641 /prefetch:3
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.0D3CEC60.383884627 /prefetch:3
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=4548.0AD8D3C0.1616765186 /prefetch:12
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.058C1000.228173618 /prefetch:3
"C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4548.0A6B0DC0.844727665 /prefetch:3
"C:\Windows\update.7.1\svchostdriver.exe" stand
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Jakub\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-06 373872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [2011-07-06 319984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2011-07-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-06 373872]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-06 279664]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-05-11 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-05-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-05-11 414744]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-06-10 206208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-12-10 1890088]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2010-05-26 585376]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2010-05-26 354464]
"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-06-11 861216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-03 39408]
"Google Update"=C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 136176]
"T-Mobile Communication Centre"=C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2010-06-03 1347504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-04-13 284696]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [2010-06-29 263936]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"VideoWebCamera"=C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [2010-05-27 1545568]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-05-25 960080]
"O2CZ"=C:\Program Files (x86)\O2\O2CZ\EMMSN.exe [2009-11-30 4050632]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"POPUPTV"=C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe [2010-03-19 692224]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-08-22 1213440]
"tray_ico1"=C:\Windows\update.tray-10-0\svchost.exe [2011-08-22 1213440]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7261507.exe"=C:\Windows\Temp\7261507.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-22 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-22 258048]
"systemup"=C:\Windows\systemup.exe [2011-08-22 137728]
"2632045.exe"=C:\Users\Jakub\AppData\Local\Temp\2632045.exe [2011-08-22 258048]
"1664598.exe"=C:\Windows\Temp\1664598.exe []
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-22 232960]
"47675212-loader2.exe"=C:\Windows\Temp\47675212-loader2.exe []
"8690771.exe"=C:\Windows\Temp\8690771.exe [2011-08-23 636416]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-30 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-27 18:54:27 ----D---- C:\rsit
2011-08-27 18:54:27 ----D---- C:\Program Files\trend micro
2011-08-27 18:10:34 ----A---- C:\Windows\system32\drivers\iqkfabhh.sys
2011-08-26 22:01:19 ----D---- C:\ProgramData\AVAST Software
2011-08-26 22:01:19 ----D---- C:\Program Files\AVAST Software
2011-08-26 21:22:34 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-08-26 21:22:34 ----HD---- C:\Windows\update.tray-7-0
2011-08-26 21:20:44 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-26 21:20:44 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-26 21:20:42 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-26 21:20:41 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-26 21:20:41 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-26 21:20:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-26 21:20:39 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-26 21:20:03 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-08-26 21:20:03 ----A---- C:\Windows\avastSS.scr
2011-08-26 20:34:21 ----A---- C:\Windows\system32\MRT.exe
2011-08-26 19:59:41 ----D---- C:\Program Files (x86)\T-Mobile
2011-08-26 19:59:22 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys
2011-08-26 19:59:22 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys
2011-08-26 19:59:22 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys
2011-08-26 19:59:22 ----A---- C:\Windows\system32\drivers\massfilter.sys
2011-08-26 19:59:19 ----D---- C:\Program Files (x86)\ZTE
2011-08-25 19:41:46 ----HD---- C:\Windows\update.8.1
2011-08-24 12:09:32 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 12:09:32 ----A---- C:\Windows\system32\tzres.dll
2011-08-23 21:12:30 ----HD---- C:\ProgramData\Common Files
2011-08-23 21:12:25 ----D---- C:\ProgramData\AVG Security Toolbar
2011-08-23 21:11:30 ----D---- C:\ProgramData\AVG10
2011-08-23 21:11:30 ----D---- C:\Program Files (x86)\AVG
2011-08-23 21:03:45 ----D---- C:\Windows\update.tray-12-0
2011-08-23 20:45:27 ----D---- C:\ProgramData\MFAData
2011-08-23 20:34:35 ----A---- C:\ProgramData\NTUSER.DAT
2011-08-22 20:31:54 ----N---- C:\Windows\system32\MpSigStub.exe
2011-08-22 19:03:49 ----A---- C:\Windows\l1rezerv.exe
2011-08-22 19:02:06 ----D---- C:\Windows\ufa
2011-08-22 19:02:06 ----D---- C:\Windows\rpcminer
2011-08-22 19:02:06 ----D---- C:\Windows\phoenix
2011-08-22 18:58:23 ----HD---- C:\Windows\update.7.1
2011-08-22 18:58:19 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-22 18:57:45 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-22 18:57:35 ----HD---- C:\Windows\update.2
2011-08-22 18:56:30 ----HD---- C:\Windows\update.5.0
2011-08-22 18:55:53 ----A---- C:\Windows\unrar.exe
2011-08-22 18:54:42 ----A---- C:\Windows\systemup.exe
2011-08-22 18:53:51 ----A---- C:\Windows\iplist.txt
2011-08-22 18:53:42 ----A---- C:\Windows\sysdriver32_.exe
2011-08-22 18:53:28 ----A---- C:\Windows\sysdriver32.exe
2011-08-22 18:53:12 ----A---- C:\Windows\front_ip_list.txt
2011-08-22 18:52:47 ----D---- C:\Windows\av_ico
2011-08-22 18:51:07 ----HD---- C:\Windows\update.1
2011-08-22 18:50:58 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-08-22 18:50:58 ----HD---- C:\Windows\update.tray-10-0
2011-08-22 18:41:05 ----A---- C:\Windows\winlog-ids.txt
2011-08-22 18:41:05 ----A---- C:\Windows\winlog-dirs.txt
2011-08-10 13:19:39 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 13:19:39 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 13:19:33 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 13:19:33 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 13:19:33 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 13:19:33 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 13:19:31 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 13:19:23 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 13:19:23 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 13:19:23 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 13:19:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 13:19:23 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 13:19:23 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 13:19:23 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 13:19:22 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 13:19:22 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 13:19:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 13:19:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 13:19:17 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 13:19:15 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 13:19:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 13:19:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 13:19:13 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 13:19:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 13:19:11 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 13:19:10 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 13:19:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 13:19:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-10 13:19:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 13:19:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-10 13:19:10 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 13:19:10 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 13:19:10 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 13:19:09 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\url.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-10 13:19:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 13:19:09 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 13:19:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 13:19:03 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-10 13:19:02 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2011-08-27 18:54:30 ----D---- C:\Windows\Temp
2011-08-27 18:54:27 ----RD---- C:\Program Files
2011-08-27 18:20:27 ----D---- C:\Windows\system32\Tasks
2011-08-27 18:10:34 ----D---- C:\Windows\system32\drivers
2011-08-27 14:46:06 ----RSD---- C:\Windows\assembly
2011-08-27 14:46:06 ----D---- C:\Windows\Microsoft.NET
2011-08-27 14:20:38 ----D---- C:\Windows\system32\config
2011-08-27 09:04:17 ----D---- C:\Windows\System32
2011-08-27 09:04:17 ----D---- C:\Windows\inf
2011-08-27 09:04:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-27 08:57:53 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-26 22:01:19 ----HD---- C:\ProgramData
2011-08-26 21:55:30 ----SD---- C:\Users\Jakub\AppData\Roaming\Microsoft
2011-08-26 21:55:30 ----SD---- C:\ProgramData\Microsoft
2011-08-26 21:50:17 ----SHD---- C:\Windows\Installer
2011-08-26 21:49:58 ----D---- C:\Windows\SysWOW64
2011-08-26 21:49:58 ----D---- C:\Windows
2011-08-26 21:49:37 ----SHD---- C:\System Volume Information
2011-08-26 21:07:22 ----D---- C:\Windows\system32\NDF
2011-08-26 20:49:29 ----D---- C:\Windows\Prefetch
2011-08-26 20:34:24 ----D---- C:\Windows\debug
2011-08-26 19:59:54 ----D---- C:\Windows\ModemLogs
2011-08-26 19:59:41 ----RD---- C:\Program Files (x86)
2011-08-26 19:59:24 ----D---- C:\Windows\system32\DriverStore
2011-08-26 19:59:24 ----D---- C:\Windows\system32\catroot
2011-08-26 19:07:05 ----D---- C:\Windows\system32\drivers\etc
2011-08-25 14:51:09 ----D---- C:\Windows\rescache
2011-08-24 22:11:59 ----D---- C:\Windows\winsxs
2011-08-24 22:11:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 22:11:55 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 11:51:20 ----D---- C:\Windows\system32\catroot2
2011-08-23 22:06:36 ----D---- C:\Windows\Tasks
2011-08-23 22:06:34 ----D---- C:\Windows\system32\wbem
2011-08-23 22:05:57 ----D---- C:\Windows\system32\wfp
2011-08-23 22:05:57 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-23 22:05:56 ----D---- C:\Windows\AppCompat
2011-08-23 22:05:56 ----D---- C:\Users\Jakub\AppData\Roaming\SNS
2011-08-23 22:05:56 ----D---- C:\Users\Jakub\AppData\Roaming\ArcSoft
2011-08-23 22:05:54 ----D---- C:\Windows\registration
2011-08-23 21:30:01 ----D---- C:\ProgramData\ArcSoft
2011-08-11 09:55:46 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 09:55:46 ----D---- C:\Windows\AppPatch
2011-08-11 09:55:46 ----D---- C:\Program Files\Internet Explorer
2011-08-11 09:55:46 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-11 09:55:45 ----D---- C:\Windows\system32\migration
2011-08-11 09:55:39 ----D---- C:\ProgramData\Partner
2011-07-31 17:29:33 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [2011-03-15 912504]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-07-28 481912]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS [2011-03-31 40568]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [2011-07-08 386168]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 ASUSVRC64;ASUSTeK Virtual Capture Device; C:\Windows\system32\DRIVERS\AsusVRC64.sys [2008-10-13 23424]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-05-11 2229608]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-04-30 10331840]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-07-07 174200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-10 301104]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
S1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys []
S1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110819.030\IDSvia64.sys []
S1 iqkfabhh;iqkfabhh; \??\C:\Windows\system32\drivers\iqkfabhh.sys [2011-08-27 48464]
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [2011-01-27 171128]
S3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices; C:\Windows\System32\Drivers\AF9035BDA.sys [2009-07-16 492008]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-05-20 38248]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2010-05-20 55336]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-05-20 294760]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-05-20 202792]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-05-20 52584]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-05-20 156392]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2010-05-26 264040]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 11776]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110821.003\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110821.003\EX64.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-04-19 245280]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS [2011-03-31 744568]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 121344]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 121344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-05-25 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-29 255744]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-22 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-23 636416]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-22 258048]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-22 1213440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
S2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe /s NIS /m C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll /prefetch:1 []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-07-06 867080]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [2010-04-04 246520]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-03 182768]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-08 1255736]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#2 Příspěvek od Danstahr »

Dobrý večer :welcome:,

:arrow: Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#3 Příspěvek od Jakub888 »

Udělal jsem to podle vás tak čekám na další instrukce snad se to povede už teď jsem rád že to řeším s vámi.




Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7588

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.8.2011 20:48:08
mbam-log-2011-08-27 (20-48-02).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|)
Testované objekty: 282459
Uplynulý čas: 26 minut, 2 sekund

Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 15
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 52

Infikované procesy v paměti:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1836 -> No action taken.
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 6240 -> No action taken.
c:\Windows\systemup.exe (Spyware.Agent) -> 2856 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2696 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 3516 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 3496 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 4336 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 2884 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 3820 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 4008 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Spyware.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8690771.exe (Trojan.Downloader.H) -> Value: 8690771.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2632045.exe (Trojan.Agent) -> Value: 2632045.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7261507.exe (Trojan.Downloader.Gen) -> Value: 7261507.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1664598.exe (Trojan.Downloader.Gen) -> Value: 1664598.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\47675212-loader2.exe (Trojan.Agent) -> Value: 47675212-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> No action taken.
c:\Windows\systemup.exe (Spyware.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\8690771.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\2110580.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2184064.exe (Spyware.Agent) -> No action taken.
c:\Windows\Temp\351663.exe (Spyware.Agent) -> No action taken.
c:\Windows\Temp\50498_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\50691_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\5339567.exe (Spyware.Agent) -> No action taken.
c:\Windows\Temp\56611560.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\57824_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\5796131.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6085686.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\7055235.exe (Spyware.Agent) -> No action taken.
c:\Windows\Temp\72299_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\8287425.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\8374507.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\8756418.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9604156.exe (Spyware.Agent) -> No action taken.
c:\Users\Jakub\AppData\Local\Temp\2632045.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2195734.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3365160.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3573984.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3985194.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6223219.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6369557.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6553746.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7043444.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8682563.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9333552.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-10-0\svchost.exe (Trojan.Agent) -> No action taken.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#4 Příspěvek od Danstahr »

Všechno co MBAM našel nechte smazat.

:!: Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému :!:

:arrow: Stáhněte ComboFix a uložte jej na Plochu.

:arrow: Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
:arrow: Spusťte ComboFix s administrátorským oprávněním.
:arrow: Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
:arrow: Během skenu nechte počítač naprosto v klidu.
:arrow: Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
:arrow: Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
:arrow: :!: ComboFixu si do dalšího pokynu nevšímejte :!:
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#5 Příspěvek od Jakub888 »

Tak hotovo snad to dělám dobře... ( podle vašich pokynů ).




ComboFix 11-08-27.01 - Jakub 27.08.2011 21:15:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3767.1951 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-27 do 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-27 19:18 . 2011-08-27 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 18:19 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 18:18 . 2011-08-27 18:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-27 18:18 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- C:\rsit
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- c:\program files\trend micro
2011-08-27 16:10 . 2011-08-27 16:10 48464 ----a-w- c:\windows\system32\drivers\iqkfabhh.sys
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\program files\AVAST Software
2011-08-26 19:22 . 2011-08-27 19:01 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-26 19:22 . 2011-08-26 19:22 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-26 19:20 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-26 19:20 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-26 19:20 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-26 19:20 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-26 19:20 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-26 19:20 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-26 19:20 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-26 19:20 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-26 19:20 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-26 19:06 . 2011-08-26 19:07 -------- d-----w- c:\users\Jakub\AppData\Local\Diagnostics
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\T-Mobile
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-08-26 17:59 . 2010-02-22 08:09 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\ZTE
2011-08-26 16:45 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68F7B15F-D5C2-4C9B-ACEB-177BF8C3B65E}\mpengine.dll
2011-08-25 17:41 . 2011-08-25 17:41 -------- d--h--w- c:\windows\update.8.1
2011-08-24 10:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 10:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:40 . 2011-08-23 19:40 -------- d-----w- c:\users\Jakub\AppData\Local\CrashDumps
2011-08-23 19:34 . 2011-08-26 19:35 -------- d-----w- c:\users\Jakub\AppData\Local\ElevatedDiagnostics
2011-08-23 19:12 . 2011-08-23 19:12 -------- d--h--w- c:\programdata\Common Files
2011-08-23 19:12 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-23 19:11 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG10
2011-08-23 19:11 . 2011-08-23 19:11 -------- d-----w- c:\program files (x86)\AVG
2011-08-23 19:03 . 2011-08-23 19:03 -------- d-----w- c:\windows\update.tray-12-0
2011-08-23 18:45 . 2011-08-26 19:13 -------- d-----w- c:\programdata\MFAData
2011-08-22 18:31 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-22 17:02 . 2011-08-27 09:59 -------- d-----w- c:\windows\ufa
2011-08-22 16:55 . 2011-08-26 20:20 246272 ----a-w- c:\windows\unrar.exe
2011-08-22 16:52 . 2011-08-26 19:23 -------- d-----w- c:\windows\av_ico
2011-08-22 16:50 . 2011-08-27 19:01 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-22 16:50 . 2011-08-23 20:05 -------- d--h--w- c:\windows\update.tray-10-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 11:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 15:45 . 2011-07-06 16:57 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 07:39 . 2011-07-06 14:21 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-06-11 02:56 . 2011-07-13 05:44 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-03 39408]
"T-Mobile Communication Centre"="c:\program files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-06-03 1347504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-25 960080]
"O2CZ"="c:\program files (x86)\O2\O2CZ\EMMSN.exe" [2009-11-30 4050632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"POPUPTV"="c:\program files (x86)\ASUS\PopupTV\ExpressTV.exe" [2010-03-19 692224]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2011-7-20 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 14:57]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 14:57]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000Core.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 14:55]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000UA.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 14:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.6.0.29\InstStub.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-27 21:20:17
ComboFix-quarantined-files.txt 2011-08-27 19:20
.
Před spuštěním: Volných bajtů: 425 551 638 528
Po spuštění: Volných bajtů: 425 585 262 592
.
- - End Of File - - 4B5CCCF60F06B9597C7F86342A0F342D
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#6 Příspěvek od Danstahr »

:arrow: Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Obrázek

Kód: Vybrat vše

killall::

collect::
c:\windows\system32\drivers\iqkfabhh.sys

file::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000UA.job

folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.8.1
c:\windows\update.tray-12-0
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-10-0
c:\windows\update.tray-10-0-lnk

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"T-Mobile Communication Centre"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"=-
"Norton Online Backup"=-
"Adobe Reader Speed Launcher"=-
"VideoWebCamera"=-
"LManager"=-
"O2CZ"=-
"ArcSoft Connection Service"=-
"POPUPTV"=-
"Malwarebytes' Anti-Malware (reboot)"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

driver::
iqkfabhh

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

reboot::
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#7 Příspěvek od Jakub888 »

Také hotovo...


ComboFix 11-08-27.01 - Jakub 28.08.2011 10:46:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3767.2346 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\Ohledný viru nemazat\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt..txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393203307-2628567360-65643831-1000UA.job
c:\windows\ufa
c:\windows\update.8.1
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0-lnk\svchost.exe
c:\windows\update.tray-10-0
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 08:50 . 2011-08-28 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 18:19 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 18:18 . 2011-08-27 18:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-27 18:18 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- C:\rsit
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- c:\program files\trend micro
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\program files\AVAST Software
2011-08-26 19:20 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-26 19:20 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-26 19:20 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-26 19:20 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-26 19:20 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-26 19:20 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-26 19:20 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-26 19:20 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-26 19:20 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-26 19:06 . 2011-08-26 19:07 -------- d-----w- c:\users\Jakub\AppData\Local\Diagnostics
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\T-Mobile
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-08-26 17:59 . 2010-02-22 08:09 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\ZTE
2011-08-26 16:45 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68F7B15F-D5C2-4C9B-ACEB-177BF8C3B65E}\mpengine.dll
2011-08-24 10:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 10:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:40 . 2011-08-23 19:40 -------- d-----w- c:\users\Jakub\AppData\Local\CrashDumps
2011-08-23 19:34 . 2011-08-26 19:35 -------- d-----w- c:\users\Jakub\AppData\Local\ElevatedDiagnostics
2011-08-23 19:12 . 2011-08-23 19:12 -------- d--h--w- c:\programdata\Common Files
2011-08-23 19:12 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-23 19:11 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG10
2011-08-23 19:11 . 2011-08-23 19:11 -------- d-----w- c:\program files (x86)\AVG
2011-08-23 18:45 . 2011-08-26 19:13 -------- d-----w- c:\programdata\MFAData
2011-08-22 18:31 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-22 16:55 . 2011-08-26 20:20 246272 ----a-w- c:\windows\unrar.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 11:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 15:45 . 2011-07-06 16:57 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 07:39 . 2011-07-06 14:21 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-06-11 02:56 . 2011-07-13 05:44 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_19.18.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-08-28 08:27 32580 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-06 14:23 . 2011-08-28 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-06 14:23 . 2011-08-28 08:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-06 14:18 . 2011-08-28 08:27 7574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1393203307-2628567360-65643831-1000_UserData.bin
- 2011-07-06 14:18 . 2011-08-27 06:59 7574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1393203307-2628567360-65643831-1000_UserData.bin
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 08:51 . 2011-08-28 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-28 08:51 . 2011-08-28 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-09 06:42 . 2011-08-27 19:59 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-09 06:42 . 2011-08-26 20:23 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2011-08-28 08:39 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-27 12:20 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2011-7-20 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110819.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShA64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: Interfaces\{049F22D1-D57D-4420-AA23-F18094A9FDF2}: NameServer = 160.218.167.5 160.218.161.60
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2011-08-28 10:54:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-28 08:54
ComboFix2.txt 2011-08-27 19:20
.
Před spuštěním: Volných bajtů: 425 644 298 240
Po spuštění: Volných bajtů: 425 176 150 016
.
- - End Of File - - 37662D974A9CEC66C90DF5A547A3420D
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#8 Příspěvek od Danstahr »

Jak je na tom PC?
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#9 Příspěvek od Jakub888 »

No nejde mi Windows media player nejde mi nainstalovat antivirus nejde mi stahovat třeba film.. tohle jste myslel ?
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#10 Příspěvek od Danstahr »

:arrow: Odinstalujte avast pomocí utility zde : http://www.avast.com/uninstall-utility

:arrow: Dejte nový log z ComboFix.
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#11 Příspěvek od Jakub888 »

Tak je to tady...




ComboFix 11-08-27.01 - Jakub 28.08.2011 16:33:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3767.2692 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\Ohledný viru nemazat\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 14:38 . 2011-08-28 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 18:19 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 18:18 . 2011-08-27 18:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-27 18:18 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- C:\rsit
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- c:\program files\trend micro
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 20:01 . 2011-08-26 20:01 -------- d-----w- c:\program files\AVAST Software
2011-08-26 19:20 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-26 19:20 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-26 19:06 . 2011-08-26 19:07 -------- d-----w- c:\users\Jakub\AppData\Local\Diagnostics
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\T-Mobile
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-08-26 17:59 . 2010-02-22 08:09 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\ZTE
2011-08-26 16:45 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68F7B15F-D5C2-4C9B-ACEB-177BF8C3B65E}\mpengine.dll
2011-08-24 10:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 10:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:40 . 2011-08-23 19:40 -------- d-----w- c:\users\Jakub\AppData\Local\CrashDumps
2011-08-23 19:34 . 2011-08-26 19:35 -------- d-----w- c:\users\Jakub\AppData\Local\ElevatedDiagnostics
2011-08-23 19:12 . 2011-08-23 19:12 -------- d--h--w- c:\programdata\Common Files
2011-08-23 19:12 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-23 19:11 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG10
2011-08-23 19:11 . 2011-08-23 19:11 -------- d-----w- c:\program files (x86)\AVG
2011-08-23 18:45 . 2011-08-26 19:13 -------- d-----w- c:\programdata\MFAData
2011-08-22 18:31 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-22 16:55 . 2011-08-26 20:20 246272 ----a-w- c:\windows\unrar.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 11:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 15:45 . 2011-07-06 16:57 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 07:39 . 2011-07-06 14:21 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-06-11 02:56 . 2011-07-13 05:44 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_19.18.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 05:46 . 2011-08-28 08:55 47722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-28 14:32 32808 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-06 14:23 . 2011-08-28 14:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-06 14:23 . 2011-08-28 14:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-06 14:18 . 2011-08-28 14:32 7700 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1393203307-2628567360-65643831-1000_UserData.bin
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 14:30 . 2011-08-28 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-28 14:30 . 2011-08-28 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 09:40 . 2011-08-28 11:37 295296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-07-09 06:42 . 2011-08-27 19:59 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-09 06:42 . 2011-08-26 20:23 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-08-27 12:20 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-28 09:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2011-7-20 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /wow /dir:C:\Program
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110819.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: Interfaces\{049F22D1-D57D-4420-AA23-F18094A9FDF2}: NameServer = 160.218.167.5 160.218.161.60
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
Celkový čas: 2011-08-28 16:39:51
ComboFix-quarantined-files.txt 2011-08-28 14:39
ComboFix2.txt 2011-08-28 08:54
ComboFix3.txt 2011-08-27 19:20
.
Před spuštěním: Volných bajtů: 425 261 674 496
Po spuštění: Volných bajtů: 424 969 568 256
.
- - End Of File - - 9B8DAC5DDDBEE02BF1A394F26354CC26
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#12 Příspěvek od Danstahr »

:arrow: Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Obrázek

Kód: Vybrat vše

killall::

file::
c:\windows\unrar.exe
c:\windows\avastSS.scr
c:\windows\SysWow64\aswBoot.exe

folder::
c:\programdata\AVAST Software
c:\program files\AVAST Software

registry::
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6F,63,68,65,63,6B,00,61,75,74,6F,\
  63,68,6B,00,2A,00,00

driver::
gupdate
gupdatem

reboot::
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#13 Příspěvek od Jakub888 »

Tady to je...


ComboFix 11-08-27.01 - Jakub 28.08.2011 18:13:42.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3767.2463 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\Ohledný viru nemazat\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt..txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\avastSS.scr"
"c:\windows\SysWow64\aswBoot.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\ais_core-3c5.vpx
c:\program files\AVAST Software\Avast\Setup\ais_dll_cze-3f2.vpx
c:\program files\AVAST Software\Avast\Setup\ais_res-30a.vpx
c:\program files\AVAST Software\Avast\Setup\ais_x64-46c.vpx
c:\program files\AVAST Software\Avast\Setup\part-jrog-a7.vpx
c:\program files\AVAST Software\Avast\Setup\part-jrog2-264.vpx
c:\program files\AVAST Software\Avast\Setup\part-prg_ais-4b3.vpx
c:\program files\AVAST Software\Avast\Setup\part-setup_ais-4b3.vpx
c:\program files\AVAST Software\Avast\Setup\part-vps_win32-11070401.vpx
c:\program files\AVAST Software\Avast\Setup\prod-ais.vpx
c:\program files\AVAST Software\Avast\Setup\servers.def
c:\program files\AVAST Software\Avast\Setup\servers.def.vpx
c:\program files\AVAST Software\Avast\Setup\setif_ais-4b3.vpx
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\program files\AVAST Software\Avast\Setup\setup.log
c:\program files\AVAST Software\Avast\Setup\setup_ais-4b3.vpx
c:\program files\AVAST Software\Avast\Setup\vps_32-51c.vpx
c:\program files\AVAST Software\Avast\Setup\winsys-4.vpx
c:\programdata\AVAST Software
c:\windows\avastSS.scr
c:\windows\SysWow64\aswBoot.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 16:16 . 2011-08-28 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2011-08-27 18:19 . 2011-08-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 18:19 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 18:18 . 2011-08-27 18:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-27 18:18 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- C:\rsit
2011-08-27 16:54 . 2011-08-27 16:54 -------- d-----w- c:\program files\trend micro
2011-08-26 19:06 . 2011-08-26 19:07 -------- d-----w- c:\users\Jakub\AppData\Local\Diagnostics
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\T-Mobile
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-08-26 17:59 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-08-26 17:59 . 2010-02-22 08:09 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-08-26 17:59 . 2011-08-26 17:59 -------- d-----w- c:\program files (x86)\ZTE
2011-08-26 16:45 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68F7B15F-D5C2-4C9B-ACEB-177BF8C3B65E}\mpengine.dll
2011-08-24 10:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 10:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:40 . 2011-08-23 19:40 -------- d-----w- c:\users\Jakub\AppData\Local\CrashDumps
2011-08-23 19:34 . 2011-08-26 19:35 -------- d-----w- c:\users\Jakub\AppData\Local\ElevatedDiagnostics
2011-08-23 19:12 . 2011-08-23 19:12 -------- d--h--w- c:\programdata\Common Files
2011-08-23 19:12 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-23 19:11 . 2011-08-23 19:30 -------- d-----w- c:\programdata\AVG10
2011-08-23 19:11 . 2011-08-23 19:11 -------- d-----w- c:\program files (x86)\AVG
2011-08-23 18:45 . 2011-08-26 19:13 -------- d-----w- c:\programdata\MFAData
2011-08-22 18:31 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-10 11:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 15:45 . 2011-07-06 16:57 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 07:39 . 2011-07-06 14:21 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-06-11 02:56 . 2011-07-13 05:44 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_19.18.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 05:46 . 2011-08-28 08:55 47722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-28 14:32 32808 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-06 14:23 . 2011-08-28 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-06 14:23 . 2011-08-28 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-06 14:23 . 2011-08-27 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-06 14:18 . 2011-08-28 14:32 7700 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1393203307-2628567360-65643831-1000_UserData.bin
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 16:17 . 2011-08-28 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-27 06:57 . 2011-08-27 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-28 16:17 . 2011-08-28 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 09:40 . 2011-08-28 15:52 298472 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-07-09 06:42 . 2011-08-27 19:59 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-09 06:42 . 2011-08-26 20:23 140672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2011-08-27 12:20 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-28 14:41 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2011-7-20 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0autochk\0*
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110819.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 ASUSVRC64;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC64.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"combofix"="c:\combofix\CF21522.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0405&m=easynote_tm98&r=27360711b235l04c4z125f4742c41n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2011-08-28 18:21:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-28 16:21
ComboFix2.txt 2011-08-28 14:39
ComboFix3.txt 2011-08-28 08:54
ComboFix4.txt 2011-08-27 19:20
.
Před spuštěním: Volných bajtů: 425 080 410 112
Po spuštění: Volných bajtů: 424 860 258 304
.
- - End Of File - - 73DB43FADF887432892E4992F9D40C67
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: Problém s virem z FB.

#14 Příspěvek od Danstahr »

Nastala nějaká změna?
Koupím trochu času, cenu respektuji.
Nahoru
Jakub888
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 27 srp 2011 18:13

Re: Problém s virem z FB.

#15 Příspěvek od Jakub888 »

Ano už např. jde přehrávač Windows media player, facebook a stahování zkusím a systém po mě chce antiviroví program je nějaký zadarmo a spolehliví ? ( Promiňte za pozdní odpověď ) :)
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“