Dobrý den,
včera kolem 20. hodiny se mi při zapnutí významně zpomalil počítač. Přestal pracovat Windows Update, Microsof Essentials a Centrum zabezpečení systém. Problém má tendenci se zhoršovat, jelikož se počítač ještě více zpomalil.
Zkoušel jsem různé antivirové programy v Nouzovém režimu, ale nic nezabralo.
Prosím o pomoc.
Zde je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by geotest2 at 2011-11-16 03:41:38
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 72 GB (15%) free of 464 GB
Total RAM: 4063 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:39, on 16.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\geotest2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14775 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Microsoft Security Client\msseces.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey E82560E5-F8A6-1989-C3BB-08DE88CB70EE -Reinvoke
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\geotest2\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2983007147-838055934-848710957-1003.job
=========Mozilla firefox=========
ProfilePath - C:\Users\geotest2\AppData\Roaming\Mozilla\Firefox\Profiles\zlzwxgcl.default
prefs.js - "browser.startup.homepage" - "http://webmail.geotest.ba"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\geotest2\AppData\Roaming\Mozilla\Firefox\Profiles\zlzwxgcl.default\extensions\
passwordbank@upek.com
vshare@toolbar
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-18 43520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-23 414416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-24 7938080]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-07-24 1833504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-03 1815848]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-18 171520]
"PSQLLauncher"=C:\Program Files\Protector Suite\launcher.exe [2009-07-20 84744]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"=C:\Program Files (x86)\ARO 2011\ARO.exe [2011-10-07 2314608]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-11-07 5495680]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"=C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2009-05-26 317288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-10 98304]
"MarketingTools"=C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [2009-09-08 26624]
"VMSwitch"=C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe [2009-07-29 538472]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Print2PDF Print Monitor"=C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [2010-12-03 141368]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-10-23 273528]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]
"ISTray"=C:\Program Files (x86)\PC Tools Security\pctsGui.exe [2010-09-23 1588184]
"a-squared"=C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe [2011-11-15 3322256]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-04 258560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\Protector Suite\psqlpwd.dll [2009-07-20 135944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-29 249344]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Protector Suite\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-11-16 03:39:49 ----D---- C:\rsit
2011-11-16 03:39:49 ----D---- C:\Program Files\trend micro
2011-11-16 03:33:47 ----A---- C:\Log.txt
2011-11-16 03:32:51 ----D---- C:\Windows\temp
2011-11-16 03:32:50 ----A---- C:\ComboFix.txt
2011-11-16 02:26:47 ----A---- C:\Windows\zip.exe
2011-11-16 02:26:47 ----A---- C:\Windows\SWSC.exe
2011-11-16 02:26:47 ----A---- C:\Windows\SWREG.exe
2011-11-16 02:26:47 ----A---- C:\Windows\sed.exe
2011-11-16 02:26:47 ----A---- C:\Windows\PEV.exe
2011-11-16 02:26:47 ----A---- C:\Windows\NIRCMD.exe
2011-11-16 02:26:47 ----A---- C:\Windows\MBR.exe
2011-11-16 02:26:47 ----A---- C:\Windows\grep.exe
2011-11-16 02:26:37 ----D---- C:\Windows\ERDNT
2011-11-16 02:26:16 ----D---- C:\Qoobox
2011-11-16 01:08:04 ----D---- C:\Users\geotest2\AppData\Roaming\SUPERAntiSpyware.com
2011-11-16 01:07:40 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-11-16 01:07:40 ----D---- C:\Program Files\SUPERAntiSpyware
2011-11-16 01:01:59 ----D---- C:\Users\geotest2\AppData\Roaming\Malwarebytes
2011-11-16 01:01:53 ----D---- C:\ProgramData\Malwarebytes
2011-11-16 01:01:50 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-16 01:01:50 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-11-15 22:21:45 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware
2011-11-15 21:43:03 ----D---- C:\Users\geotest2\AppData\Roaming\Sammsoft
2011-11-15 21:42:44 ----D---- C:\Program Files (x86)\ARO 2011
2011-11-15 21:16:53 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2011-11-15 21:16:53 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2011-11-15 21:16:52 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2011-11-15 21:16:52 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2011-11-15 21:16:50 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2011-11-15 21:16:39 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2011-11-15 21:16:39 ----A---- C:\Windows\system32\drivers\pctplfw64.sys
2011-11-15 21:16:39 ----A---- C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
2011-11-15 21:16:39 ----A---- C:\Windows\system32\drivers\pctNdis-DNS64.sys
2011-11-15 21:16:30 ----D---- C:\Users\geotest2\AppData\Roaming\PC Tools
2011-11-15 21:16:30 ----D---- C:\ProgramData\PC Tools
2011-11-15 21:16:30 ----D---- C:\Program Files (x86)\PC Tools Security
2011-11-10 14:20:39 ----D---- C:\Program Files\iPod
2011-11-10 14:20:38 ----D---- C:\Program Files\iTunes
2011-11-10 14:20:38 ----D---- C:\Program Files (x86)\iTunes
2011-11-10 14:17:45 ----D---- C:\Program Files\Bonjour
2011-11-10 14:17:45 ----D---- C:\Program Files (x86)\Bonjour
2011-11-09 10:04:28 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-09 10:04:14 ----A---- C:\Windows\system32\win32k.sys
2011-10-23 17:40:14 ----A---- C:\Windows\SYSWOW64\rmoc3260.dll
2011-10-23 17:40:07 ----A---- C:\Windows\SYSWOW64\pndx5032.dll
2011-10-23 17:40:07 ----A---- C:\Windows\SYSWOW64\pndx5016.dll
2011-10-23 17:40:06 ----A---- C:\Windows\SYSWOW64\pncrt.dll
2011-10-23 17:40:03 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2011-10-21 22:52:21 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-21 22:52:21 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-21 22:52:21 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-17 20:06:45 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2011-10-17 20:06:45 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2011-10-17 20:06:43 ----D---- C:\Program Files (x86)\iWisoft Free Video Converter
2011-10-17 19:50:13 ----D---- C:\Program Files (x86)\Avidemux 2.5
2011-10-17 19:38:42 ----D---- C:\Program Files (x86)\DVDVideoSoft
2011-10-17 19:38:42 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
======List of files/folders modified in the last 1 month======
2011-11-16 03:39:49 ----RD---- C:\Program Files
2011-11-16 03:32:52 ----D---- C:\Windows\system32\drivers
2011-11-16 03:32:52 ----A---- C:\Windows\ntbtlog.txt
2011-11-16 03:32:51 ----D---- C:\Windows
2011-11-16 03:29:52 ----A---- C:\Windows\system.ini
2011-11-16 03:27:19 ----D---- C:\Windows\SYSWOW64\drivers
2011-11-16 03:27:19 ----D---- C:\Windows\SysWOW64
2011-11-16 03:27:19 ----D---- C:\Windows\System32
2011-11-16 03:27:19 ----D---- C:\Windows\AppPatch
2011-11-16 03:27:16 ----D---- C:\Program Files\Common Files
2011-11-16 03:27:16 ----D---- C:\Program Files (x86)\Common Files
2011-11-16 03:19:44 ----D---- C:\Windows\Tasks
2011-11-16 02:44:58 ----AD---- C:\ProgramData\TEMP
2011-11-16 02:35:01 ----D---- C:\Windows\system32\drivers\etc
2011-11-16 01:37:47 ----D---- C:\Windows\system32\catroot2
2011-11-16 01:08:04 ----D---- C:\ProgramData
2011-11-16 01:01:50 ----RD---- C:\Program Files (x86)
2011-11-15 21:45:30 ----D---- C:\Windows\system32\config
2011-11-15 20:07:21 ----D---- C:\Windows\system32\Tasks
2011-11-15 15:00:42 ----D---- C:\Users\geotest2\AppData\Roaming\Skype
2011-11-15 11:22:17 ----SHD---- C:\System Volume Information
2011-11-13 19:30:23 ----D---- C:\Users\geotest2\AppData\Roaming\vlc
2011-11-11 10:30:21 ----D---- C:\Windows\system32\catroot
2011-11-10 17:10:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-10 14:22:52 ----D---- C:\Config.Msi
2011-11-10 14:21:36 ----SHD---- C:\Windows\Installer
2011-11-10 14:18:19 ----D---- C:\Windows\system32\DriverStore
2011-11-10 14:18:19 ----D---- C:\Windows\inf
2011-11-10 11:28:10 ----D---- C:\Windows\Prefetch
2011-11-09 16:48:26 ----D---- C:\Windows\winsxs
2011-11-09 16:14:36 ----D---- C:\Program Files\Common Files\System
2011-11-09 16:07:48 ----A---- C:\Windows\system32\MRT.exe
2011-11-08 17:12:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-27 08:33:02 ----D---- C:\Windows\Minidump
2011-10-23 17:40:45 ----D---- C:\Users\geotest2\AppData\Roaming\Real
2011-10-23 17:40:45 ----D---- C:\ProgramData\Real
2011-10-23 17:40:28 ----D---- C:\Program Files (x86)\Real
2011-10-22 23:48:46 ----D---- C:\Update
2011-10-22 23:45:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-22 23:25:17 ----D---- C:\Program Files\Sony
2011-10-22 23:25:08 ----D---- C:\ProgramData\Sony Corporation
2011-10-22 23:23:34 ----D---- C:\Program Files (x86)\Sony
2011-10-22 23:22:46 ----D---- C:\Program Files\Common Files\Sony Shared
2011-10-21 22:52:13 ----D---- C:\Program Files (x86)\Java
2011-10-21 08:47:27 ----RD---- C:\Program Files (x86)\Skype
2011-10-21 08:47:23 ----D---- C:\ProgramData\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2010-08-18 254624]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 shpf;Sony HDD Protection Filter Driver; C:\Windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [2009-07-31 76288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [2010-01-26 87040]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-03 274480]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2009-07-31 17024]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-15 63880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-27 6037504]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-08-03 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-08-03 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-08-03 21160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2009-07-31 1485824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-08-04 7345632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-24 1822112]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 25416]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-07-24 201472]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2007-07-31 90112]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-11-15 3045688]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
S2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-02 864032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 1420560]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
S2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 831760]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
S2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-08-30 1145816]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S2 uCamMonitor;CamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [2010-05-07 205168]
S2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VSNService;VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-28 1431888]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-09-29 616448]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
S3 SpfService;VAIO Entertainment Common Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [2010-09-27 74496]
S3 VCFw;VAIO Content Folder Watcher; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2010-09-27 312136]
S3 VUAgent;VUAgent; C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zákeřný vir - Prosím o pomoc
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Zákeřný vir - Prosím o pomoc
Dobrý den,
tak ještě jedna informace.
Program Anti-Malware identifikoval, že v počítači mám virus GEN-BUZUS.
Když jsem ho dal odstranit a restartoval počítač, tak problém přetrval.
Můžete mi prosím nějak pomoci?
Děkuji.
tak ještě jedna informace.
Program Anti-Malware identifikoval, že v počítači mám virus GEN-BUZUS.
Když jsem ho dal odstranit a restartoval počítač, tak problém přetrval.
Můžete mi prosím nějak pomoci?
Děkuji.
Re: Zákeřný vir - Prosím o pomoc
Hezké odpoledne 
Poprosím o log z mbamu (záložka protokoly) a log z combofixu (bude na disku C) co jste dělal.
Poprosím o log z mbamu (záložka protokoly) a log z combofixu (bude na disku C) co jste dělal.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Log z ComboFix
ComboFix 11-11-15.06 - geotest2 16.11.2011 3:20.2.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4063.3216 [GMT 1:00]
Spuštěný z: c:\users\geotest2\Desktop\brouk.com.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 02:29 . 2011-11-16 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 01:39 . 2011-11-16 01:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D197B86D-55C0-4083-A80B-370FFA35F9F9}\offreg.dll
2011-11-16 00:08 . 2011-11-16 00:08 -------- d-----w- c:\users\geotest2\AppData\Roaming\SUPERAntiSpyware.com
2011-11-16 00:07 . 2011-11-16 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-16 00:07 . 2011-11-16 00:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\users\geotest2\AppData\Roaming\Malwarebytes
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 00:01 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 21:21 . 2011-11-15 23:48 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2011-11-15 20:43 . 2011-11-15 20:43 -------- d-----w- c:\users\geotest2\AppData\Roaming\Sammsoft
2011-11-15 20:42 . 2011-11-16 01:43 -------- d-----w- c:\program files (x86)\ARO 2011
2011-11-15 10:22 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D197B86D-55C0-4083-A80B-370FFA35F9F9}\mpengine.dll
2011-11-10 13:20 . 2011-11-10 13:20 -------- d-----w- c:\program files\iPod
2011-11-10 13:20 . 2011-11-10 13:21 -------- d-----w- c:\program files\iTunes
2011-11-10 13:20 . 2011-11-10 13:21 -------- d-----w- c:\program files (x86)\iTunes
2011-11-10 13:17 . 2011-11-10 13:17 -------- d-----w- c:\program files\Bonjour
2011-11-10 13:17 . 2011-11-10 13:17 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-09 09:04 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 09:04 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 09:04 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:04 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-10-23 16:40 . 2011-10-23 16:40 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-10-23 16:40 . 2011-10-23 16:40 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-23 16:40 . 2011-10-23 16:40 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-23 16:40 . 2011-10-23 16:40 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-23 16:40 . 2011-10-23 16:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-21 21:52 . 2011-10-21 21:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-17 19:06 . 2009-09-29 18:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-17 19:06 . 2008-12-04 19:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-17 19:06 . 2008-10-08 08:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2011-10-17 19:06 . 2011-10-17 19:08 -------- d-----w- c:\program files (x86)\iWisoft Free Video Converter
2011-10-17 18:50 . 2011-10-17 18:50 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-10-17 18:38 . 2011-10-17 18:38 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-17 18:38 . 2011-10-17 18:38 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2011-10-17 18:38 . 2002-01-05 12:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 17:56 . 2011-04-17 14:21 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-11 10:17 . 2011-10-11 10:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9478FCA0-3540-405D-AF37-4D0B68C70529}\gapaengine.dll
2011-10-07 04:16 . 2010-01-14 07:13 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-05-05 15:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-12 14:46 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 14:46 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 14:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 14:46 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 14:46 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 14:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-12 09:03 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 09:03 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 09:03 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 09:03 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_01.35.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-16 00:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-16 00:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-16 00:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-16 01:39 . 2011-11-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-16 01:01 . 2011-11-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 01:39 . 2011-11-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-16 01:01 . 2011-11-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files (x86)\ARO 2011\ARO.exe" [2011-10-07 2314608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-09-08 26624]
"VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Print2PDF Print Monitor"="c:\program files (x86)\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-23 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-09-23 1588184]
"a-squared"="c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-11-15 3322256]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4554752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-11-15 3045688]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 130560]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 483328]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-15 63880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-28 1431888]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 19:20]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 19:20]
.
2011-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2983007147-838055934-848710957-1003.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-18 171520]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\geotest2\AppData\Roaming\Mozilla\Firefox\Profiles\zlzwxgcl.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.geotest.ba
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2983007147-838055934-848710957-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2983007147-838055934-848710957-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-16 03:32:49
ComboFix-quarantined-files.txt 2011-11-16 02:32
ComboFix2.txt 2011-11-16 01:37
.
Před spuštěním: Volných bajtů: 75 376 992 256
Po spuštění: Volných bajtů: 75 056 070 656
.
- - End Of File - - C9A0BDF1299E632EF58EF8A9FE142E8A
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4063.3216 [GMT 1:00]
Spuštěný z: c:\users\geotest2\Desktop\brouk.com.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 02:29 . 2011-11-16 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 01:39 . 2011-11-16 01:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D197B86D-55C0-4083-A80B-370FFA35F9F9}\offreg.dll
2011-11-16 00:08 . 2011-11-16 00:08 -------- d-----w- c:\users\geotest2\AppData\Roaming\SUPERAntiSpyware.com
2011-11-16 00:07 . 2011-11-16 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-16 00:07 . 2011-11-16 00:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\users\geotest2\AppData\Roaming\Malwarebytes
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 00:01 . 2011-11-16 00:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-16 00:01 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 21:21 . 2011-11-15 23:48 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2011-11-15 20:43 . 2011-11-15 20:43 -------- d-----w- c:\users\geotest2\AppData\Roaming\Sammsoft
2011-11-15 20:42 . 2011-11-16 01:43 -------- d-----w- c:\program files (x86)\ARO 2011
2011-11-15 10:22 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D197B86D-55C0-4083-A80B-370FFA35F9F9}\mpengine.dll
2011-11-10 13:20 . 2011-11-10 13:20 -------- d-----w- c:\program files\iPod
2011-11-10 13:20 . 2011-11-10 13:21 -------- d-----w- c:\program files\iTunes
2011-11-10 13:20 . 2011-11-10 13:21 -------- d-----w- c:\program files (x86)\iTunes
2011-11-10 13:17 . 2011-11-10 13:17 -------- d-----w- c:\program files\Bonjour
2011-11-10 13:17 . 2011-11-10 13:17 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-09 09:04 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 09:04 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 09:04 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:04 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-10-23 16:40 . 2011-10-23 16:40 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-10-23 16:40 . 2011-10-23 16:40 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-23 16:40 . 2011-10-23 16:40 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-23 16:40 . 2011-10-23 16:40 107008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-23 16:40 . 2011-10-23 16:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-21 21:52 . 2011-10-21 21:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-17 19:06 . 2009-09-29 18:57 758018 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-17 19:06 . 2008-12-04 19:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-17 19:06 . 2008-10-08 08:16 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2011-10-17 19:06 . 2011-10-17 19:08 -------- d-----w- c:\program files (x86)\iWisoft Free Video Converter
2011-10-17 18:50 . 2011-10-17 18:50 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-10-17 18:38 . 2011-10-17 18:38 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2011-10-17 18:38 . 2011-10-17 18:38 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2011-10-17 18:38 . 2002-01-05 12:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 17:56 . 2011-04-17 14:21 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-11 10:17 . 2011-10-11 10:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9478FCA0-3540-405D-AF37-4D0B68C70529}\gapaengine.dll
2011-10-07 04:16 . 2010-01-14 07:13 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-05-05 15:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-12 14:46 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 14:46 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 14:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 14:46 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 14:46 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 14:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-12 09:03 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 09:03 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 09:03 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 09:03 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_01.35.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-16 00:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-16 00:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-16 00:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 01:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-16 01:39 . 2011-11-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-16 01:01 . 2011-11-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 01:39 . 2011-11-16 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-16 01:01 . 2011-11-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files (x86)\ARO 2011\ARO.exe" [2011-10-07 2314608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-09-08 26624]
"VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Print2PDF Print Monitor"="c:\program files (x86)\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-23 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-09-23 1588184]
"a-squared"="c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-11-15 3322256]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4554752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-11-15 3045688]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 130560]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 483328]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-15 63880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-28 1431888]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 19:20]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 19:20]
.
2011-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2983007147-838055934-848710957-1003.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-18 171520]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\geotest2\AppData\Roaming\Mozilla\Firefox\Profiles\zlzwxgcl.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.geotest.ba
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2983007147-838055934-848710957-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2983007147-838055934-848710957-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-16 03:32:49
ComboFix-quarantined-files.txt 2011-11-16 02:32
ComboFix2.txt 2011-11-16 01:37
.
Před spuštěním: Volných bajtů: 75 376 992 256
Po spuštění: Volných bajtů: 75 056 070 656
.
- - End Of File - - C9A0BDF1299E632EF58EF8A9FE142E8A
Log z SuperAntiSpyware (místo logu z mbamu)
Omlouvám se za nepřesnou informaci. GEN-BUZUZ nebyl odhalen pomocí mbamu, ale pomoci SuperAntiSpywareu. Zde je z něj log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/16/2011 at 10:41 AM
Application Version : 5.0.1136
Core Rules Database Version : 7946
Trace Rules Database Version: 5758
Scan type : Complete Scan
Total Scan Time : 01:45:33
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 460
Memory threats detected : 0
Registry items scanned : 76034
Registry threats detected : 0
File items scanned : 80807
File threats detected : 24
Adware.Tracking Cookie
bc.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
cdn5.specificclick.net [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
content3.pornkolt.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
files.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
g.idnes.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
ia.media-imdb.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
macromedia.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
media.ign.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
media.mtvnservices.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
multimedia.cognito.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
objects.tremormedia.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
s0.2mdn.net [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
secure-us.imrworldwide.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
sex-doma.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
static.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.adultblast.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.pornhost.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.pornhub.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sex-doma.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sexkiste.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sexy-employee.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
wwwstatic.megaporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
C:\USERS\GEOTEST2\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GEOTEST2@ADS.VIMG[1].TXT [ /ADS.VIMG ]
Trojan.Agent/Gen-Buzus
C:\USERS\GEOTEST2\DESKTOP\RSITX64.EXE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/16/2011 at 10:41 AM
Application Version : 5.0.1136
Core Rules Database Version : 7946
Trace Rules Database Version: 5758
Scan type : Complete Scan
Total Scan Time : 01:45:33
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 460
Memory threats detected : 0
Registry items scanned : 76034
Registry threats detected : 0
File items scanned : 80807
File threats detected : 24
Adware.Tracking Cookie
bc.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
cdn5.specificclick.net [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
content3.pornkolt.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
files.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
g.idnes.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
ia.media-imdb.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
macromedia.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
media.ign.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
media.mtvnservices.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
multimedia.cognito.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
objects.tremormedia.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
s0.2mdn.net [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
secure-us.imrworldwide.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
sex-doma.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
static.youporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.adultblast.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.pornhost.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.pornhub.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sex-doma.cz [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sexkiste.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
www.sexy-employee.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
wwwstatic.megaporn.com [ C:\USERS\GEOTEST2\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3THXVMMQ ]
C:\USERS\GEOTEST2\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GEOTEST2@ADS.VIMG[1].TXT [ /ADS.VIMG ]
Trojan.Agent/Gen-Buzus
C:\USERS\GEOTEST2\DESKTOP\RSITX64.EXE
Re: Zákeřný vir - Prosím o pomoc
Falešná detekce na rsitTrojan.Agent/Gen-Buzus
C:\USERS\GEOTEST2\DESKTOP\RSITX64.EXE
.Ted to s pc vypadá jak?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Zákeřný vir - Prosím o pomoc
Spatne. Zda se, ze to byl vedlejsi problem. Notebook se nyni kouse a jede pomalu i v nouzovem rezimu. Jsem z toho docela zoufaly
Re: Zákeřný vir - Prosím o pomoc
stáhnětehttp://www.slunecnice.cz/sw/crystaldiskinfo/
- spusťte ho a v nabídce zvolte Kopírovat.
-Data ze schránky sem pak vložte pomocí Ctrl+V
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
LOG Z ANTI-MALWARE
Nyní jsem udělal test i v Anti-Malware a bohužel nic nového neodhalil:
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org
Verze databáze: 8175
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
16.11.2011 21:45:05
mbam-log-2011-11-16 (21-45-05).txt
Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 374947
Uplynulý čas: 55 minut, 39 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org
Verze databáze: 8175
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
16.11.2011 21:45:05
mbam-log-2011-11-16 (21-45-05).txt
Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 374947
Uplynulý čas: 55 minut, 39 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Zákeřný vir - Prosím o pomoc
Bohuzel se mi Vami zaslany program nedari spustit v nouzovem rezimu. Existuje nejaka alternativa? Jinak je hlavnim problemem stale to, ze notebook jede neskutecne pomalu, nefunguje windows update, centrum zabezpeceni. Pisu nyni z mobilu, jelikoz mi obcas nechce otevrit prohlizec v nouzovem rezimu. Normalni rezim je nepouzitelny . Mate nejake tuseni, co by to mohlo byt?
. Mate nejake tuseni, co by to mohlo byt?Re: Zákeřný vir - Prosím o pomoc
Dobrý večer,
konečně se mi podařilo rozjet systém v normálním režimu díky programu Trojan Remover. Antivir a windows update již fungují.
Nicméně stále nevím, co přesně s notebookem bylo a zda byl problém trvale vyřešen. Notebook sice nyní jede rychleji, ale pořád to není jako dříve, je stále o něco pomalejší. Zde jsou vyžadované údaje:
----------------------------------------------------------------------------
CrystalDiskInfo 4.1.3 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 SP1 [6.1 Build 7601] (x64)
Date : 2011/11/16 23:57:17
-- Controller Map ----------------------------------------------------------
-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500.1 GB [0-X-X, pd1]
----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0004SDM2
Serial Number : 5VE6HE2J
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/150
Power On Hours : 5460 hod.
Power On Count : 1799 krát
Temparature : 40 C (104 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _88 _82 __6 00000240B8D5 Počet chyb čtení
03 _99 _98 __0 000000000000 Čas na roztočení ploten
04 _99 _99 _20 00000000070B Počet spuštění/zastavení
05 100 100 _36 00000000000A Počet přemapovaných sektorů
07 _78 _60 _30 000104C85719 Počet chybných hledání
09 _94 _94 __0 000000001554 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _37 _20 000000000707 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 000000000F8E Ohlášeno neopravitelných chyb
BC 100 _99 __0 000100010003 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _60 _57 _45 000028260028 Teplota toku vzduchu
BF 100 100 __0 000000000060 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000002DA Počet vypnutí disku
C1 _40 _40 __0 00000001D667 Počet cyklů načítání/vymazání
C2 _40 _43 __0 000E00000028 Teplota
C3 _50 _43 __0 00000240B8D5 Počet oprav chybného čtení
C5 100 100 __0 000000000067 Počet podezřelých sektorů
C6 100 100 __0 000000000067 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu
-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 56 45 36 48 45 32 4A 00 00 40 00 00 04 30 30
030: 30 34 53 44 4D 32 53 54 39 35 30 30 33 32 35 41
040: 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 01 F0 00 29 34 6B 7D 09 61 23 34 69 BC 09 61 23
0B0: 40 7F 00 43 00 43 80 80 FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 50 00 C5 00 1E 05 3B 07
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1E
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 60 30 3A 38 60 30 3A 38 20 20 00 02 01 40
110: 01 00 50 00 3C 06 3C 0A 00 00 00 3C 00 00 00 08
120: 00 00 00 00 00 1F 02 80 00 00 00 00 00 08 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 3C 00 80 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 3B 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 10 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3D A5
konečně se mi podařilo rozjet systém v normálním režimu díky programu Trojan Remover. Antivir a windows update již fungují.
Nicméně stále nevím, co přesně s notebookem bylo a zda byl problém trvale vyřešen. Notebook sice nyní jede rychleji, ale pořád to není jako dříve, je stále o něco pomalejší. Zde jsou vyžadované údaje:
----------------------------------------------------------------------------
CrystalDiskInfo 4.1.3 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 SP1 [6.1 Build 7601] (x64)
Date : 2011/11/16 23:57:17
-- Controller Map ----------------------------------------------------------
-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500.1 GB [0-X-X, pd1]
----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0004SDM2
Serial Number : 5VE6HE2J
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/150
Power On Hours : 5460 hod.
Power On Count : 1799 krát
Temparature : 40 C (104 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _88 _82 __6 00000240B8D5 Počet chyb čtení
03 _99 _98 __0 000000000000 Čas na roztočení ploten
04 _99 _99 _20 00000000070B Počet spuštění/zastavení
05 100 100 _36 00000000000A Počet přemapovaných sektorů
07 _78 _60 _30 000104C85719 Počet chybných hledání
09 _94 _94 __0 000000001554 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _37 _20 000000000707 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 000000000F8E Ohlášeno neopravitelných chyb
BC 100 _99 __0 000100010003 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _60 _57 _45 000028260028 Teplota toku vzduchu
BF 100 100 __0 000000000060 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000002DA Počet vypnutí disku
C1 _40 _40 __0 00000001D667 Počet cyklů načítání/vymazání
C2 _40 _43 __0 000E00000028 Teplota
C3 _50 _43 __0 00000240B8D5 Počet oprav chybného čtení
C5 100 100 __0 000000000067 Počet podezřelých sektorů
C6 100 100 __0 000000000067 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu
-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 56 45 36 48 45 32 4A 00 00 40 00 00 04 30 30
030: 30 34 53 44 4D 32 53 54 39 35 30 30 33 32 35 41
040: 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 01 F0 00 29 34 6B 7D 09 61 23 34 69 BC 09 61 23
0B0: 40 7F 00 43 00 43 80 80 FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 50 00 C5 00 1E 05 3B 07
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1E
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 60 30 3A 38 60 30 3A 38 20 20 00 02 01 40
110: 01 00 50 00 3C 06 3C 0A 00 00 00 3C 00 00 00 08
120: 00 00 00 00 00 1F 02 80 00 00 00 00 00 08 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 3C 00 80 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 3B 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 15 18 00 00 00 00 00 00 00 00 10 10 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3D A5
Re: Zákeřný vir - Prosím o pomoc
A trojan remover něco mazal? Já totiž žádnou havět nevidím. Spíš budete mít nabořený systém v důsledku špatného stavu disku. Jestli crystal disk nekecá, tak je disk v háji 
.
Raději si hned zazálohujte důležitá data.
Stahněte HD tune http://www.slunecnice.cz/sw/hd-tune/
-zvolete poslední záložku Error scan
-dejte skenovat, trvá to kolem hodiny.
-pak napište jestli jste měl nějaká políčka červená
.Raději si hned zazálohujte důležitá data.
Stahněte HD tune http://www.slunecnice.cz/sw/hd-tune/-zvolete poslední záložku Error scan
-dejte skenovat, trvá to kolem hodiny.
-pak napište jestli jste měl nějaká políčka červená
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Zákeřný vir - Prosím o pomoc
Dobrý den,
problém se vrátil. Trojan dříve něco mazal, nyní již žádný problém nezjistil.
Problém s diskem asi nebude (viz příloha).
Máte nějaký nápad, jak problém vyřešit? Jsem již docela zoufalý, protože jsem překladatel a má práce je závislá na funkčním počítači
Děkuji za všechny dosavadní nápady a za snahu.
problém se vrátil. Trojan dříve něco mazal, nyní již žádný problém nezjistil.
Problém s diskem asi nebude (viz příloha).
Máte nějaký nápad, jak problém vyřešit? Jsem již docela zoufalý, protože jsem překladatel a má práce je závislá na funkčním počítači
Děkuji za všechny dosavadní nápady a za snahu.
- Přílohy
-
- Sken.jpg (220.91 KiB) Zobrazeno 822 x
Re: Zákeřný vir - Prosím o pomoc
Vidíte, ale přece jen tam jsou dvě červená políčka, disk prostě ok není. Poprosím kolegu at na to mrkne.
Opět nefunguje správce uloh? Já bych Vám doporučila uplný formát . Určitě si hned zazálohujte data a zkusíme mrknout ještě na ty brebery.
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:
- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde
Opět nefunguje správce uloh? Já bych Vám doporučila uplný formát
. Určitě si hned zazálohujte data a zkusíme mrknout ještě na ty brebery. Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:
Kód: Vybrat vše
netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Zákeřný vir - Prosím o pomoc
Ahoj, ten disk není vůbec dobrý. Poškozené image soubory na disku, budou pravděpodobnou příčinou problémů. Disk bude třeba vyměnit, opravit se nedá.
1)V Ovládací panely->Nástroje pro správu->Prohlížeč událostí->Protokoly systému Windows->klikni pravým myšítkem na protokol Systém, vyber Uložit všechny události jako, ulož to jako .evtx soubor a ten upni na http://www.leteckaposta.cz
2)Stáhni a nainstaluj SeaTools for Windows a spusť long test.
1)V Ovládací panely->Nástroje pro správu->Prohlížeč událostí->Protokoly systému Windows->klikni pravým myšítkem na protokol Systém, vyber Uložit všechny události jako, ulož to jako .evtx soubor a ten upni na http://www.leteckaposta.cz
2)Stáhni a nainstaluj SeaTools for Windows a spusť long test.
Pokud jste s naší pomocí spokojeni, můžete nás podpořit. Informace zde
Přispějete na provoz fóra?