Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

FB vir

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

FB vir

#1 Příspěvek od lukca123 »

Dobrý den,
mám, stejně jako mnoho dalších, problém s virem, který jsem chytil na FB. Proces svchost.exe mi zabírá poměrně dost paměti a občas se spustí další proces, který najednou začne vytěžovat procesor na 100%. Prosím o nějakou radu a případně se podívat, zda tam nemám ještě nějaký další vir.

Přikládám výpis RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukáš at 2011-08-29 16:03:29
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 14 GB (6%) free of 238 GB
Total RAM: 3958 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:40, on 29.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\systemup.exe
C:\Windows\l1rezerv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\update.tray-3-0-lnk\svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Lukáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~2\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sysinfo] C:\Windows\system32\rundll32.exe C:\Users\LUK~1\AppData\Local\Temp\38813623Wsy.dll,Sets
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Age2 Config.lnk = C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 15216 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\update.7.1\svchostdriver.exe srv
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
WLIDSvcM.exe 2336
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
"C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\update.2\svchost.exe" stand
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Windows\systemup.exe" stand
"C:\Windows\l1rezerv.exe"
taskeng.exe {ED8E1C0C-989A-4970-8A70-B71BA619CF3C}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\update.tray-3-0-lnk\svchost.exe" tray 3-0 1
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4140 CREDAT:79873
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4140 CREDAT:145409
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1348.ad9ec40.1468054840 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 1348 "\\.\pipe\gecko-crash-server-pipe.1348" plugin
"taskhost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Lukáš\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files (x86)\Veetle\Player\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-08-23 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll [2011-05-25 341048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-25 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-11 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-08-23 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-11-05 709976]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-10-26 1050072]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2009-11-30 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2009-12-01 34648]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-21 8306208]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-11-10 910136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-15 1870120]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-09-28 1482592]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-05 705368]
"TNOD UP"=C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-08-12 6203296]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-11 39408]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PcSync"=C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"sysinfo"=C:\Users\LUK~1\AppData\Local\Temp\38813623Wsy.dll,Sets []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-08 98304]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"PCSuiteTrayApplication"=C:\PROGRA~2\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-08-23 1211904]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-23 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-23 258048]
"systemup"=C:\Windows\systemup.exe [2011-08-28 130560]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-23 232960]

C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Age2 Config.lnk - C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-08-29 15:56:26 ----D---- C:\rsit
2011-08-29 15:56:26 ----D---- C:\Program Files\trend micro
2011-08-26 20:32:04 ----A---- C:\Windows\SYSWOW64\ConduitEngine.tmp
2011-08-25 20:10:03 ----HD---- C:\Windows\update.8.1
2011-08-24 15:13:02 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 15:13:02 ----A---- C:\Windows\system32\tzres.dll
2011-08-23 21:20:08 ----D---- C:\Program Files (x86)\AMD APP
2011-08-23 21:19:57 ----D---- C:\Program Files\ATI Technologies
2011-08-23 21:09:33 ----D---- C:\ATI
2011-08-23 21:01:44 ----D---- C:\Windows\ufa
2011-08-23 21:01:44 ----D---- C:\Windows\rpcminer
2011-08-23 21:01:44 ----D---- C:\Windows\phoenix
2011-08-23 20:55:51 ----A---- C:\Windows\l1rezerv.exe
2011-08-23 20:52:29 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-23 20:52:12 ----HD---- C:\Windows\update.7.1
2011-08-23 20:51:54 ----HD---- C:\Windows\update.5.0
2011-08-23 20:51:43 ----A---- C:\Windows\systemup.exe
2011-08-23 20:51:32 ----A---- C:\Windows\unrar.exe
2011-08-23 20:50:50 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-23 20:50:24 ----HD---- C:\Windows\update.2
2011-08-23 20:50:19 ----A---- C:\Windows\iplist.txt
2011-08-23 20:50:06 ----A---- C:\Windows\sysdriver32_.exe
2011-08-23 20:49:52 ----A---- C:\Windows\sysdriver32.exe
2011-08-23 20:49:36 ----A---- C:\Windows\front_ip_list.txt
2011-08-23 20:49:27 ----D---- C:\Windows\av_ico
2011-08-23 17:12:29 ----HD---- C:\Windows\update.1
2011-08-23 17:12:23 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-08-23 17:12:23 ----HD---- C:\Windows\update.tray-3-0
2011-08-23 17:04:44 ----A---- C:\Windows\winlog-ids.txt
2011-08-23 17:04:44 ----A---- C:\Windows\winlog-dirs.txt
2011-08-17 15:21:23 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2011-08-17 15:20:49 ----D---- C:\Windows\SYSWOW64\URTTEMP
2011-08-17 14:47:54 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-08-17 14:47:53 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-08-17 14:47:50 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2011-08-17 14:39:20 ----D---- C:\Program Files (x86)\Electronic Arts
2011-08-10 20:10:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 20:10:17 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 20:10:15 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 20:10:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:10:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 20:10:10 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 20:10:09 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 20:10:09 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:10:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 20:10:06 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 20:10:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 20:10:02 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 20:10:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 20:10:00 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 20:09:56 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 20:09:51 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 20:09:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 20:09:47 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 20:09:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 20:09:46 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 20:09:46 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 20:09:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 20:09:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\url.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 20:09:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 20:09:43 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 20:09:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 20:09:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 20:09:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-07-30 11:15:56 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2011-07-30 11:13:13 ----A---- C:\Windows\SYSWOW64\rewire.dll
2011-07-30 11:12:33 ----D---- C:\Program Files (x86)\VstPlugins
2011-07-30 11:12:27 ----D---- C:\Program Files (x86)\Outsim
2011-07-30 11:10:20 ----D---- C:\Program Files (x86)\Image-Line

======List of files/folders modified in the last 1 month======

2011-08-29 16:03:33 ----D---- C:\Windows\Temp
2011-08-29 16:03:11 ----D---- C:\Windows\Prefetch
2011-08-29 15:56:26 ----RD---- C:\Program Files
2011-08-29 15:43:35 ----D---- C:\Users\Lukáš\AppData\Roaming\Winamp
2011-08-29 15:43:34 ----D---- C:\Users\Lukáš\AppData\Roaming\Azureus
2011-08-29 15:41:36 ----D---- C:\Windows\debug
2011-08-29 15:41:36 ----D---- C:\Windows
2011-08-29 15:33:54 ----D---- C:\Windows\system32\config
2011-08-28 16:36:31 ----SHD---- C:\System Volume Information
2011-08-28 15:58:47 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-27 14:31:18 ----D---- C:\Windows\system32\drivers\etc
2011-08-26 20:32:08 ----D---- C:\Program Files (x86)\Vuze_Remote
2011-08-26 20:32:05 ----D---- C:\Program Files (x86)\ConduitEngine
2011-08-26 20:32:04 ----D---- C:\Windows\SysWOW64
2011-08-25 16:44:23 ----D---- C:\Windows\rescache
2011-08-25 15:24:13 ----D---- C:\Windows\System32
2011-08-25 15:24:13 ----D---- C:\Windows\inf
2011-08-25 15:24:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-24 22:59:30 ----D---- C:\Windows\winsxs
2011-08-24 22:59:27 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 22:59:27 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 15:11:34 ----D---- C:\Windows\system32\catroot2
2011-08-24 15:11:34 ----D---- C:\Windows\system32\catroot
2011-08-23 21:20:09 ----SHD---- C:\Windows\Installer
2011-08-23 21:20:08 ----RD---- C:\Program Files (x86)
2011-08-23 17:12:29 ----HD---- C:\ProgramData
2011-08-23 14:41:06 ----D---- C:\Program Files (x86)\EA Sports
2011-08-23 14:39:19 ----D---- C:\Program Files (x86)\Winamp
2011-08-20 14:57:00 ----D---- C:\Windows\system32\NDF
2011-08-17 15:21:43 ----D---- C:\Windows\Registration
2011-08-17 15:21:32 ----RSD---- C:\Windows\assembly
2011-08-17 15:21:27 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-08-17 15:20:49 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-17 14:47:50 ----D---- C:\Windows\system32\LogFiles
2011-08-17 14:31:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-13 08:01:02 ----D---- C:\Windows\Microsoft.NET
2011-08-12 04:47:06 ----D---- C:\Windows\system32\drivers
2011-08-11 15:52:46 ----D---- C:\Windows\AppPatch
2011-08-11 15:52:45 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 15:52:45 ----D---- C:\Windows\system32\migration
2011-08-11 15:52:45 ----D---- C:\Program Files\Internet Explorer
2011-08-11 14:34:28 ----D---- C:\ProgramData\Microsoft Help
2011-08-11 14:31:20 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-04 834544]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-09 6204928]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-04-12 33344]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-21 2013856]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-15 307760]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 asm2d0x2;asm2d0x2; C:\Windows\system32\drivers\asm2d0x2.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-08 202752]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-23 382464]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-08-17 66872]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-23 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-23 636416]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-23 258048]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-23 1211904]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-11 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-21 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------



Děkuji za případnou pomoc.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#2 Příspěvek od Danstahr »

Dobré odpoledne :welcome:,

:arrow: Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#3 Příspěvek od lukca123 »

Tady je výpis úplného scanu MBAMu:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7605

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.8.2011 18:35:03
mbam-log-2011-08-29 (18-34-51).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 484879
Uplynulý čas: 1 hodin, 4 minut, 9 sekund

Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 27

Infikované procesy v paměti:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1648 -> No action taken.
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 5244 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1828 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1936 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 1920 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 4384 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> 4768 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 4848 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2004 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 2384 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysinfo (Trojan.Downloader) -> Value: sysinfo -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> No action taken.
c:\program files (x86)\tnod user & password finder\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
c:\program files (x86)\tnod user & password finder\uninst-tnod.exe (Trojan.Agent.CK) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\Windows\Temp\7089754.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8274875.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.tray-3-0\svchost.exe (Trojan.Agent) -> No action taken.
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#4 Příspěvek od Danstahr »

:arrow: Nalezenou infekci nechte MBAMem smazat.

:!: Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému :!:

:arrow: Stáhněte ComboFix a uložte jej na Plochu.

:arrow: Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
:arrow: Spusťte ComboFix s administrátorským oprávněním.
:arrow: Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
:arrow: Během skenu nechte počítač naprosto v klidu.
:arrow: Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
:arrow: Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
:arrow: :!: ComboFixu si do dalšího pokynu nevšímejte :!:
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#5 Příspěvek od lukca123 »

Spustil jsem ComboFix, něco to prohledávalo, potom to něco mazalo, následně se restartovalo PC a vygeneroval se mi log:



ComboFix 11-08-29.03 - Lukáš 29.08.2011 20:07:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2632 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\09823da1d01af98c2cbc32be5a46ed4a.elf
c:\windows\phoenix\kernels\phatk\3753ce2760131989e69b1ea585014ed2.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\a7fb2c7bcd2342268a2bc57ab9aba83b.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\f93b02a78cfbeb3bbac0d8ec0a543c1c.elf
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 18:13 . 2011-08-29 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\programdata\Malwarebytes
2011-08-29 15:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-29 15:28 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 13:56 . 2011-08-29 14:03 -------- d-----w- c:\program files\trend micro
2011-08-29 13:56 . 2011-08-29 13:56 -------- d-----w- C:\rsit
2011-08-26 18:32 . 2011-08-26 18:32 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-25 18:10 . 2011-08-25 18:10 -------- d--h--w- c:\windows\update.8.1
2011-08-24 13:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 13:13 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:20 . 2011-08-23 19:20 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-23 19:19 . 2011-08-23 19:19 -------- d-----w- c:\program files\ATI Technologies
2011-08-23 19:09 . 2011-08-23 19:09 -------- d-----w- C:\ATI
2011-08-23 19:01 . 2011-08-28 14:36 -------- d-----w- c:\windows\ufa
2011-08-23 18:51 . 2011-08-24 13:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-23 18:49 . 2011-08-23 18:49 -------- d-----w- c:\windows\av_ico
2011-08-23 15:12 . 2011-08-29 17:57 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-23 15:12 . 2011-08-23 15:12 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-20 06:58 . 2011-08-23 12:42 -------- d-----w- c:\users\Lukáš\AppData\Local\GameSpy
2011-08-20 06:57 . 2011-08-23 12:41 -------- d-----w- c:\users\Lukáš\AppData\Local\ApplicationHistory
2011-08-17 13:21 . 2011-08-17 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 13:20 . 2011-08-17 13:20 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-08-17 12:47 . 2011-08-17 12:47 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-17 12:47 . 2011-08-17 12:47 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-17 12:47 . 2011-08-17 12:47 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-17 12:39 . 2011-08-17 12:39 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 15:07 . 2011-05-13 07:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-08-26 13:18 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A435680C-299F-4D8C-A4B1-05E3A98E29B1}\mpengine.dll
2011-07-30 09:15 . 2011-07-30 09:15 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-17 21:53 . 2011-07-17 21:53 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-17 21:53 . 2011-07-17 21:53 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-16 04:26 . 2011-08-10 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-16 01:34 . 2011-06-16 01:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 01:34 . 2011-06-16 01:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-07-17 13:25 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-08-12 6203296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-11 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PcSync"="c:\program files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Age2 Config.lnk - c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe [N/A]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2010-9-23 275736]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 18:25]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games\\GLJEDE (v02) (v03).fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f29
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="66-A260-E2AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,22,0a,f5,9a,15,46,96,45,95,cd,13,a0,6d,fa,cf,d6,b9,d8,16,0d,b4,5d,
8c,c6,9b,78,19,63,d0,94,5e,4c,be,04,84,04,9d,5a,ef,53,7d,16,0e,56,bc,39,59,\
"??"=hex:a9,c0,a9,51,5e,99,71,3d,0e,6c,93,4d,c1,ef,76,99
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,59,ee,66,a8,ae,57,bd,e3,ae,2f,be,8b,7e,51,df,91,ed,28,40,e5,
0c,e3,6b,b7,0a,9c,31,f1,2d,88,16,e4,e5,68,b6,a6,c3,2e,34,b2,38,82,1b,84,ab,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-29 20:19:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-29 18:19
.
Před spuštěním: Volných bajtů: 14 129 664 000
Po spuštění: Volných bajtů: 13 737 222 144
.
- - End Of File - - A0112079DFEA10E5A34A454F5959AADD
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#6 Příspěvek od Danstahr »

:arrow: Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Obrázek

Kód: Vybrat vše

killall::

file::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

folder::
c:\windows\update.8.1
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk

registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=-
"swg"=-
"DAEMON Tools Lite"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"WinampAgent"=-
"GrooveMonitor"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

driver::
gupdate
gupdatem

DDS::
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEH

RegLock::
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


reboot::
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#7 Příspěvek od lukca123 »

Provedl jsem vše podle pokynů, ale po restartu se mi objevila chybova hlaska:

C\Program Files\TOSHIBA HDD SSD Alert\TosSENotify.exe
Pokus použít neplatnou operacina klíč registru, který je označen pro odstranění.

Po stisknutí OK se mi vypsal log:


ComboFix 11-08-29.03 - Lukáš 29.08.2011 21:06:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2667 [GMT 2:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 19:11 . 2011-08-29 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\programdata\Malwarebytes
2011-08-29 15:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-29 15:28 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 13:56 . 2011-08-29 14:03 -------- d-----w- c:\program files\trend micro
2011-08-29 13:56 . 2011-08-29 13:56 -------- d-----w- C:\rsit
2011-08-26 18:32 . 2011-08-26 18:32 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-26 13:18 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A435680C-299F-4D8C-A4B1-05E3A98E29B1}\mpengine.dll
2011-08-25 18:10 . 2011-08-25 18:10 -------- d--h--w- c:\windows\update.8.1
2011-08-24 13:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 13:13 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:20 . 2011-08-23 19:20 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-23 19:19 . 2011-08-23 19:19 -------- d-----w- c:\program files\ATI Technologies
2011-08-23 19:09 . 2011-08-23 19:09 -------- d-----w- C:\ATI
2011-08-23 19:01 . 2011-08-28 14:36 -------- d-----w- c:\windows\ufa
2011-08-23 18:51 . 2011-08-24 13:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-23 18:49 . 2011-08-23 18:49 -------- d-----w- c:\windows\av_ico
2011-08-23 15:12 . 2011-08-29 17:57 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-23 15:12 . 2011-08-23 15:12 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-20 06:58 . 2011-08-23 12:42 -------- d-----w- c:\users\Lukáš\AppData\Local\GameSpy
2011-08-20 06:57 . 2011-08-23 12:41 -------- d-----w- c:\users\Lukáš\AppData\Local\ApplicationHistory
2011-08-17 13:21 . 2011-08-17 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 13:20 . 2011-08-17 13:20 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-08-17 12:47 . 2011-08-17 12:47 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-17 12:47 . 2011-08-17 12:47 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-17 12:47 . 2011-08-17 12:47 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-17 12:39 . 2011-08-17 12:39 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 15:07 . 2011-05-13 07:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 09:15 . 2011-07-30 09:15 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-17 21:53 . 2011-07-17 21:53 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-17 21:53 . 2011-07-17 21:53 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-16 04:26 . 2011-08-10 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-16 01:34 . 2011-06-16 01:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 01:34 . 2011-06-16 01:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-07-17 13:25 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-29_18.14.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-08-29 18:01 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-29 18:15 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-20 18:37 . 2011-08-29 18:15 12362 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-218667855-712028976-2695218856-1000_UserData.bin
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 16:24 . 2011-08-29 18:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-29 18:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-29 18:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-29 18:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-29 18:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:12 . 2011-08-29 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:12 . 2011-08-29 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-29 19:11 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-29 18:13 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-22 21:12 . 2011-08-29 18:13 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
+ 2010-10-22 21:12 . 2011-08-29 19:11 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-08-12 6203296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-11 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PcSync"="c:\program files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Age2 Config.lnk - c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe [N/A]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2010-9-23 275736]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 135664]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 18:25]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games\\GLJEDE (v02) (v03).fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f29
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="66-A260-E2AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,22,0a,f5,9a,15,46,96,45,95,cd,13,a0,6d,fa,cf,d6,b9,d8,16,0d,b4,5d,
8c,c6,9b,78,19,63,d0,94,5e,4c,be,04,84,04,9d,5a,ef,53,7d,16,0e,56,bc,39,59,\
"??"=hex:a9,c0,a9,51,5e,99,71,3d,0e,6c,93,4d,c1,ef,76,99
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,59,ee,66,a8,ae,57,bd,e3,ae,2f,be,8b,7e,51,df,91,ed,28,40,e5,
0c,e3,6b,b7,0a,9c,31,f1,2d,88,16,e4,e5,68,b6,a6,c3,2e,34,b2,38,82,1b,84,ab,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-29 21:17:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-29 19:17
ComboFix2.txt 2011-08-29 18:19
.
Před spuštěním: Volných bajtů: 13 795 147 776
Po spuštění: Volných bajtů: 13 748 817 920
.
- - End Of File - - 38BE8E859CB0E187B3242506B00B01EF
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#8 Příspěvek od Danstahr »

Přesuňte ComboFix i CFScript.txt přímo na disk C a znovu skript přetáhněte na ikonu ComboFixu. Výstupní log sem vložte.
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#9 Příspěvek od lukca123 »

Provedl jsem opět vše podle pokynů, ale po restartu se mi objevila jiná chybová hláška:

C\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
Pokus použít neplatnou operacina klíč registru, který je označen pro odstranění.

Log:


ComboFix 11-08-29.03 - Lukáš 29.08.2011 21:30:42.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2558 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.8.1
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 19:35 . 2011-08-29 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\programdata\Malwarebytes
2011-08-29 15:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-29 15:28 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 13:56 . 2011-08-29 14:03 -------- d-----w- c:\program files\trend micro
2011-08-29 13:56 . 2011-08-29 13:56 -------- d-----w- C:\rsit
2011-08-26 18:32 . 2011-08-26 18:32 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-26 13:18 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A435680C-299F-4D8C-A4B1-05E3A98E29B1}\mpengine.dll
2011-08-24 13:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 13:13 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:20 . 2011-08-23 19:20 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-23 19:19 . 2011-08-23 19:19 -------- d-----w- c:\program files\ATI Technologies
2011-08-23 19:09 . 2011-08-23 19:09 -------- d-----w- C:\ATI
2011-08-20 06:58 . 2011-08-23 12:42 -------- d-----w- c:\users\Lukáš\AppData\Local\GameSpy
2011-08-20 06:57 . 2011-08-23 12:41 -------- d-----w- c:\users\Lukáš\AppData\Local\ApplicationHistory
2011-08-17 13:21 . 2011-08-17 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 13:20 . 2011-08-17 13:20 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-08-17 12:47 . 2011-08-17 12:47 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-17 12:47 . 2011-08-17 12:47 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-17 12:47 . 2011-08-17 12:47 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-17 12:39 . 2011-08-17 12:39 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 15:07 . 2011-05-13 07:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 09:15 . 2011-07-30 09:15 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-17 21:53 . 2011-07-17 21:53 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-17 21:53 . 2011-07-17 21:53 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-16 04:26 . 2011-08-10 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-16 01:34 . 2011-06-16 01:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 01:34 . 2011-06-16 01:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-07-17 13:25 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-29_18.14.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-08-29 18:01 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-29 19:14 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-20 18:37 . 2011-08-29 19:14 12570 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-218667855-712028976-2695218856-1000_UserData.bin
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 16:24 . 2011-08-29 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-29 19:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-29 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-29 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-29 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:36 . 2011-08-29 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:36 . 2011-08-29 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-29 19:35 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-29 18:13 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-22 21:12 . 2011-08-29 18:13 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
+ 2010-10-22 21:12 . 2011-08-29 19:35 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Age2 Config.lnk - c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe [N/A]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2010-9-23 275736]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"combofix"="c:\combofix\CF14489.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games\\GLJEDE (v02) (v03).fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f29
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="66-A260-E2AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,22,0a,f5,9a,15,46,96,45,95,cd,13,a0,6d,fa,cf,d6,b9,d8,16,0d,b4,5d,
8c,c6,9b,78,19,63,d0,94,5e,4c,be,04,84,04,9d,5a,ef,53,7d,16,0e,56,bc,39,59,\
"??"=hex:a9,c0,a9,51,5e,99,71,3d,0e,6c,93,4d,c1,ef,76,99
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,59,ee,66,a8,ae,57,bd,e3,ae,2f,be,8b,7e,51,df,91,ed,28,40,e5,
0c,e3,6b,b7,0a,9c,31,f1,2d,88,16,e4,e5,68,b6,a6,c3,2e,34,b2,38,82,1b,84,ab,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-29 21:41:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-29 19:41
ComboFix2.txt 2011-08-29 19:17
ComboFix3.txt 2011-08-29 18:19
.
Před spuštěním: Volných bajtů: 13 809 086 464
Po spuštění: Volných bajtů: 13 533 245 440
.
- - End Of File - - 4CFDBF03C3FFFB4CF0B4F8DB535C9277
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#10 Příspěvek od Danstahr »

Restartujte PC a dejte vědět, jestli se hláška stále zobrazuje.
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#11 Příspěvek od lukca123 »

Po restartu a následném přetáhnutí toho textového souboru na ComboFixu došlo k restartu a po něm se mi pro jistotu zobrazily obě předchozí chybové hlášky.

Log, který mi ComboFix vypsal:


ComboFix 11-08-29.03 - Lukáš 30.08.2011 15:14:43.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2731 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 13:20 . 2011-08-30 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\programdata\Malwarebytes
2011-08-29 15:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 15:28 . 2011-08-29 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-29 15:28 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 13:56 . 2011-08-29 14:03 -------- d-----w- c:\program files\trend micro
2011-08-29 13:56 . 2011-08-29 13:56 -------- d-----w- C:\rsit
2011-08-26 18:32 . 2011-08-26 18:32 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-26 13:18 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A435680C-299F-4D8C-A4B1-05E3A98E29B1}\mpengine.dll
2011-08-24 13:13 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 13:13 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:20 . 2011-08-23 19:20 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-23 19:19 . 2011-08-23 19:19 -------- d-----w- c:\program files\ATI Technologies
2011-08-23 19:09 . 2011-08-23 19:09 -------- d-----w- C:\ATI
2011-08-20 06:58 . 2011-08-23 12:42 -------- d-----w- c:\users\Lukáš\AppData\Local\GameSpy
2011-08-20 06:57 . 2011-08-23 12:41 -------- d-----w- c:\users\Lukáš\AppData\Local\ApplicationHistory
2011-08-17 13:21 . 2011-08-17 13:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 13:20 . 2011-08-17 13:20 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-08-17 12:47 . 2011-08-17 12:47 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-17 12:47 . 2011-08-17 12:47 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-17 12:47 . 2011-08-17 12:47 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-17 12:39 . 2011-08-17 12:39 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 15:07 . 2011-05-13 07:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 09:15 . 2011-07-30 09:15 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 15:48 . 2011-07-28 15:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-17 21:54 . 2011-07-17 21:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-17 21:53 . 2011-07-17 21:53 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-17 21:53 . 2011-07-17 21:53 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-16 04:26 . 2011-08-10 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-16 01:34 . 2011-06-16 01:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 01:34 . 2011-06-16 01:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-07-17 13:25 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-29_18.14.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-08-29 18:01 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-30 13:10 40004 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-20 18:37 . 2011-08-30 13:10 12784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-218667855-712028976-2695218856-1000_UserData.bin
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 16:24 . 2011-08-30 13:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-30 13:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 16:24 . 2011-08-30 13:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-10 16:24 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-30 13:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-21 16:37 . 2011-08-29 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-21 16:37 . 2011-08-30 13:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-12 17:42 . 2011-08-30 13:07 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-30 13:21 . 2011-08-30 13:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-29 18:13 . 2011-08-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-30 13:21 . 2011-08-30 13:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-21 14:07 . 2011-08-30 12:42 376408 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2011-08-30 13:20 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-29 18:13 446988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-22 21:12 . 2011-08-29 18:13 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
+ 2010-10-22 21:12 . 2011-08-30 13:20 2978772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-218667855-712028976-2695218856-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
.
c:\users\Luk ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Age2 Config.lnk - c:\program files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe [N/A]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2010-9-23 275736]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Lukáš\\Documents\\Sports Interactive\\Football Manager 2011\\games\\GLJEDE (v02) (v03).fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f29
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="66-A260-E2AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,22,0a,f5,9a,15,46,96,45,95,cd,13,a0,6d,fa,cf,d6,b9,d8,16,0d,b4,5d,
8c,c6,9b,78,19,63,d0,94,5e,4c,be,04,84,04,9d,5a,ef,53,7d,16,0e,56,bc,39,59,\
"??"=hex:a9,c0,a9,51,5e,99,71,3d,0e,6c,93,4d,c1,ef,76,99
.
[HKEY_USERS\S-1-5-21-218667855-712028976-2695218856-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,59,ee,66,a8,ae,57,bd,e3,ae,2f,be,8b,7e,51,df,91,ed,28,40,e5,
0c,e3,6b,b7,0a,9c,31,f1,2d,88,16,e4,e5,68,b6,a6,c3,2e,34,b2,38,82,1b,84,ab,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-30 15:25:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-30 13:25
ComboFix2.txt 2011-08-29 19:41
ComboFix3.txt 2011-08-29 19:17
ComboFix4.txt 2011-08-29 18:19
.
Před spuštěním: Volných bajtů: 14 458 720 256
Po spuštění: Volných bajtů: 14 235 271 168
.
- - End Of File - - 9F4BADD9DCC4F0E27B454CDA25E9309A
Nahoru
Uživatelský avatar
Danstahr
Přítel fóra
Přítel fóra
Příspěvky: 1069
Registrován: 28 říj 2006 20:23
Bydliště: Londýn
Kontaktovat uživatele:
Kontaktovat uživatele Danstahr

Re: FB vir

#12 Příspěvek od Danstahr »

Prosím dávejte pozor a pečlivě následujte návod. Restart je restart, ne znovuaplikování CF skriptu.

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Poprosím o log z RSIT
Koupím trochu času, cenu respektuji.
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#13 Příspěvek od lukca123 »

Tentokráte už jsem doufám dodržel, co jsem měl.
Tady je výpis z RSIT:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukáš at 2011-08-30 15:43:19
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 14 GB (6%) free of 238 GB
Total RAM: 3958 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:43:25, on 30.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\trend micro\Lukáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~2\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Age2 Config.lnk = C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11265 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1600
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {2573F4F0-2599-4EB3-892F-4F19BB3E2F75}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe" -Embedding
"C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {F4EDB2CD-07AD-4C97-B15B-ECE50E6169E1}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Users\Lukáš\Desktop\RSITx64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\wpammtg5.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files (x86)\Veetle\Player\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-08-23 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll [2011-05-25 341048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-25 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-11 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-08-23 410288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-11-05 709976]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-10-26 1050072]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2009-11-30 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2009-12-01 34648]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-21 8306208]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-11-10 910136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-15 1870120]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-09-28 1482592]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-05 705368]
"TNOD UP"=C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe /i []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"=C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"PCSuiteTrayApplication"=C:\PROGRA~2\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]

C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Age2 Config.lnk - C:\Program Files (x86)\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-08-30 15:30:39 ----SHD---- C:\$RECYCLE.BIN
2011-08-30 15:25:51 ----A---- C:\ComboFix.txt
2011-08-29 20:06:30 ----A---- C:\Windows\zip.exe
2011-08-29 20:06:30 ----A---- C:\Windows\SWSC.exe
2011-08-29 20:06:30 ----A---- C:\Windows\SWREG.exe
2011-08-29 20:06:30 ----A---- C:\Windows\sed.exe
2011-08-29 20:06:30 ----A---- C:\Windows\PEV.exe
2011-08-29 20:06:30 ----A---- C:\Windows\NIRCMD.exe
2011-08-29 20:06:30 ----A---- C:\Windows\MBR.exe
2011-08-29 20:06:30 ----A---- C:\Windows\grep.exe
2011-08-29 20:06:26 ----D---- C:\Windows\ERDNT
2011-08-29 20:06:23 ----D---- C:\Qoobox
2011-08-29 20:02:58 ----R---- C:\ComboFix.exe
2011-08-29 17:28:40 ----D---- C:\Users\Lukáš\AppData\Roaming\Malwarebytes
2011-08-29 17:28:36 ----D---- C:\ProgramData\Malwarebytes
2011-08-29 17:28:36 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-29 17:28:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-29 17:28:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-29 15:56:26 ----D---- C:\rsit
2011-08-29 15:56:26 ----D---- C:\Program Files\trend micro
2011-08-24 15:13:02 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 15:13:02 ----A---- C:\Windows\system32\tzres.dll
2011-08-23 21:20:08 ----D---- C:\Program Files (x86)\AMD APP
2011-08-23 21:19:57 ----D---- C:\Program Files\ATI Technologies
2011-08-23 21:09:33 ----D---- C:\ATI
2011-08-17 15:21:23 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2011-08-17 15:20:49 ----D---- C:\Windows\SYSWOW64\URTTEMP
2011-08-17 14:47:54 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-08-17 14:47:53 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-08-17 14:47:50 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2011-08-17 14:39:20 ----D---- C:\Program Files (x86)\Electronic Arts
2011-08-10 20:10:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 20:10:17 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 20:10:16 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 20:10:15 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 20:10:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:10:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 20:10:10 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 20:10:10 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:10:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 20:10:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 20:10:09 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 20:10:09 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:10:08 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:10:07 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:10:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 20:10:06 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 20:10:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 20:10:02 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 20:10:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 20:10:00 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 20:09:56 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 20:09:51 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 20:09:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 20:09:47 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 20:09:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 20:09:46 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 20:09:46 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 20:09:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 20:09:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 20:09:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\url.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 20:09:44 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 20:09:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 20:09:43 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 20:09:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-10 20:09:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 20:09:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

======List of files/folders modified in the last 1 month======

2011-08-30 15:43:21 ----D---- C:\Windows\Temp
2011-08-30 15:41:11 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-30 15:40:10 ----D---- C:\Windows\SysWOW64
2011-08-30 15:40:10 ----D---- C:\Windows
2011-08-30 15:25:55 ----D---- C:\Windows\system32\drivers
2011-08-30 15:25:48 ----D---- C:\Windows\system32\config
2011-08-30 15:21:32 ----A---- C:\Windows\system.ini
2011-08-30 15:21:25 ----D---- C:\Windows\system32\drivers\etc
2011-08-30 15:18:14 ----D---- C:\Windows\System32
2011-08-30 15:18:13 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-30 15:18:13 ----D---- C:\Windows\AppPatch
2011-08-30 15:18:12 ----D---- C:\Program Files\Common Files
2011-08-30 15:18:12 ----D---- C:\Program Files (x86)\Common Files
2011-08-30 15:13:26 ----SHD---- C:\System Volume Information
2011-08-29 21:38:39 ----D---- C:\Windows\system32\wdi
2011-08-29 21:35:06 ----D---- C:\Windows\Tasks
2011-08-29 20:15:12 ----D---- C:\Windows\Prefetch
2011-08-29 20:12:35 ----D---- C:\ProgramData
2011-08-29 17:28:33 ----RD---- C:\Program Files (x86)
2011-08-29 16:39:41 ----D---- C:\Users\Lukáš\AppData\Roaming\Winamp
2011-08-29 15:56:26 ----RD---- C:\Program Files
2011-08-29 15:43:34 ----D---- C:\Users\Lukáš\AppData\Roaming\Azureus
2011-08-29 15:41:36 ----D---- C:\Windows\debug
2011-08-26 20:32:08 ----D---- C:\Program Files (x86)\Vuze_Remote
2011-08-26 20:32:05 ----D---- C:\Program Files (x86)\ConduitEngine
2011-08-25 16:44:23 ----D---- C:\Windows\rescache
2011-08-25 15:24:13 ----D---- C:\Windows\inf
2011-08-25 15:24:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-24 22:59:30 ----D---- C:\Windows\winsxs
2011-08-24 22:59:27 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 22:59:27 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 15:11:34 ----D---- C:\Windows\system32\catroot2
2011-08-24 15:11:34 ----D---- C:\Windows\system32\catroot
2011-08-23 21:20:09 ----SHD---- C:\Windows\Installer
2011-08-23 14:41:06 ----D---- C:\Program Files (x86)\EA Sports
2011-08-23 14:39:19 ----D---- C:\Program Files (x86)\Winamp
2011-08-20 14:57:00 ----D---- C:\Windows\system32\NDF
2011-08-17 15:21:43 ----D---- C:\Windows\Registration
2011-08-17 15:21:32 ----RSD---- C:\Windows\assembly
2011-08-17 15:21:27 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-08-17 15:20:49 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-17 14:47:50 ----D---- C:\Windows\system32\LogFiles
2011-08-17 14:31:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-13 08:01:02 ----D---- C:\Windows\Microsoft.NET
2011-08-11 15:52:45 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 15:52:45 ----D---- C:\Windows\system32\migration
2011-08-11 15:52:45 ----D---- C:\Program Files\Internet Explorer
2011-08-11 14:34:28 ----D---- C:\ProgramData\Microsoft Help
2011-08-11 14:31:20 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-04 834544]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-09 6204928]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-04-12 33344]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-21 2013856]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-15 307760]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 awwibszq;awwibszq; C:\Windows\system32\drivers\awwibszq.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-08 202752]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-08-17 66872]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-15 1030600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-11 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-21 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Nahoru
lukca123
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 28 srp 2011 15:39

Re: FB vir

#14 Příspěvek od lukca123 »

Dobrý den,
chtěl jsem se zeptat, jestli budete mit cas se v dohledné době podívat na log z RSIT.
Přece jen mě přítomnost viru v PC, a z toho plynoucí nefungce antiviru, poněkud znervózňuje a tak prosím o pomoc.
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: FB vir

#15 Příspěvek od motji »

Dobrý večer, záskok za kolegu :)

:arrow: Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT :!:
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“