kontrola logu

[k1ea]

Dobrý večer, chtěla bych požádat o kontrolu logu. při otevřeném prohlížeči se náhodně otevírá nový panel, na fb se rozesílají spemy přátelům.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Klea at 2011-11-22 19:26:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 231 GB (81%) free of 286 GB
Total RAM: 4094 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:53, on 22.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Klea.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D95B431-BDC6-437E-88F9-E434FFE3380B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D95B431-BDC6-437E-88F9-E434FFE3380B}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D95B431-BDC6-437E-88F9-E434FFE3380B}: NameServer = 10.0.0.138
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6068 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{EE3E6756-2314-41C9-B629-4DCC6D054E0E}
{CBC31F76-E65D-41EE-9D88-94FE1CF4FC8C}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Klea\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Klea\AppData\Roaming\Mozilla\Firefox\Profiles\1m0rqiwz.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Klea\AppData\Roaming\Mozilla\Firefox\Profiles\1m0rqiwz.default\extensions\
jid1-npQlxRhRimvmWZ@jetpack

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-16 12673128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-08 343168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-21 21:49:14 ----D---- C:\Program Files\trend micro
2011-11-21 21:49:13 ----D---- C:\rsit
2011-11-19 10:03:56 ----A---- C:\Windows\CD-Start.INI
2011-11-08 22:20:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-08 22:19:59 ----A---- C:\Windows\system32\win32k.sys
2011-11-02 21:10:52 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-26 17:46:44 ----D---- C:\Users\Klea\AppData\Roaming\Might & Magic Heroes VI
2011-10-26 17:44:27 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-10-26 17:44:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-10-26 17:44:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-10-26 17:44:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-10-26 17:44:26 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-10-26 17:44:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-10-26 17:44:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-10-26 17:44:26 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-10-26 17:44:25 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-10-26 17:44:24 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-10-26 17:44:24 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-10-26 17:44:24 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-10-26 17:44:24 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-10-26 17:44:24 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-10-26 17:44:24 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-10-26 17:44:23 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-10-26 17:44:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-10-26 17:44:23 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-10-26 17:44:23 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-10-26 17:44:22 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-10-26 17:44:22 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-10-26 17:44:22 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-10-26 17:44:22 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-10-26 17:44:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-10-26 17:44:21 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-10-26 17:44:18 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-10-26 17:44:18 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-10-26 17:44:17 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-10-26 17:44:17 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-10-26 17:44:17 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-10-26 17:44:17 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-10-26 17:44:16 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-10-26 17:44:16 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-10-26 17:44:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-10-26 17:44:16 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-10-26 17:44:16 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-10-26 17:44:16 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-10-26 17:44:15 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-10-26 17:44:15 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-10-26 17:44:14 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-10-26 17:44:14 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-10-26 17:44:14 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-10-26 17:44:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-10-26 17:44:14 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-10-26 17:44:14 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-10-26 17:44:14 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-10-26 17:44:14 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-10-26 17:44:13 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-10-26 17:44:13 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-10-26 17:44:13 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-10-26 17:44:13 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-10-26 17:44:12 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-10-26 17:44:12 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-10-26 17:44:11 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-10-26 17:44:11 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-10-26 17:44:11 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-10-26 17:44:11 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-10-26 17:44:11 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-10-26 17:44:11 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-10-26 17:44:11 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-10-26 17:44:11 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-10-26 17:44:10 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-10-26 17:44:10 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-10-26 17:44:10 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-10-26 17:44:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-10-26 17:44:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-10-26 17:44:10 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-10-26 17:44:09 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-10-26 17:44:09 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-10-26 17:44:09 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-10-26 17:44:09 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-10-26 17:44:08 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-10-26 17:44:08 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-10-26 17:44:08 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-10-26 17:44:08 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-10-26 17:44:07 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-10-26 17:44:07 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-10-26 17:44:07 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-10-26 17:44:07 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-10-26 17:44:07 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-10-26 17:44:07 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-10-26 17:44:06 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-10-26 17:44:06 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-10-26 17:44:06 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-10-26 17:44:06 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-10-26 17:44:05 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-10-26 17:44:05 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-10-26 17:44:05 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-10-26 17:44:05 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-10-26 17:44:05 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-10-26 17:44:05 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-10-26 17:44:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-10-26 17:44:04 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-10-26 17:44:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-10-26 17:44:04 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-10-26 17:44:04 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-10-26 17:44:04 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-10-26 17:44:03 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-10-26 17:44:03 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-10-26 17:44:02 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-10-26 17:44:02 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-10-26 17:44:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-10-26 17:44:02 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-10-26 17:44:02 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-10-26 17:44:02 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-10-26 17:44:01 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-10-26 17:44:01 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-10-26 17:44:00 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-10-26 17:44:00 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-10-26 17:44:00 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-10-26 17:44:00 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-10-26 17:44:00 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-10-26 17:44:00 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-10-26 17:43:59 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-10-26 17:43:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-10-26 17:43:58 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-10-26 17:43:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-10-26 17:43:58 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-10-26 17:43:58 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-10-26 17:38:36 ----D---- C:\Program Files (x86)\Ubisoft

======List of files/folders modified in the last 1 month======

2011-11-22 19:26:47 ----D---- C:\Windows\Temp
2011-11-22 18:55:11 ----D---- C:\Windows\System32
2011-11-22 18:55:11 ----D---- C:\Windows\inf
2011-11-22 18:55:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-22 18:54:59 ----D---- C:\Windows\Prefetch
2011-11-22 18:54:47 ----SHD---- C:\System Volume Information
2011-11-22 18:53:46 ----D---- C:\Windows\system32\config
2011-11-21 22:11:08 ----D---- C:\Windows\SysWOW64
2011-11-21 22:11:04 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-11-21 21:49:14 ----RD---- C:\Program Files
2011-11-19 10:03:56 ----D---- C:\Windows
2011-11-16 21:28:48 ----D---- C:\Windows\Downloaded Program Files
2011-11-12 23:01:56 ----D---- C:\Windows\system32\catroot
2011-11-10 20:34:32 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-09 19:48:33 ----D---- C:\Windows\winsxs
2011-11-09 19:47:20 ----D---- C:\Program Files\Common Files\System
2011-11-09 19:47:19 ----D---- C:\Windows\system32\drivers
2011-11-08 23:52:04 ----A---- C:\Windows\system32\MRT.exe
2011-11-08 22:19:51 ----D---- C:\Windows\system32\catroot2
2011-11-02 21:45:47 ----SD---- C:\Users\Klea\AppData\Roaming\Microsoft
2011-11-02 21:35:55 ----D---- C:\Windows\system32\drivers\UMDF
2011-11-02 21:11:02 ----SHD---- C:\Windows\Installer
2011-11-02 21:11:02 ----SD---- C:\ProgramData\Microsoft
2011-11-02 21:10:52 ----RD---- C:\Program Files (x86)
2011-10-28 08:05:03 ----D---- C:\Windows\system32\wdi
2011-10-26 20:09:57 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-10-26 17:43:49 ----RSD---- C:\Windows\assembly
2011-10-26 17:43:22 ----D---- C:\Windows\Logs
2011-10-26 17:42:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-25 20:45:35 ----D---- C:\Windows\Tasks
2011-10-25 20:45:35 ----D---- C:\Windows\system32\wfp
2011-10-25 20:45:34 ----D---- C:\Windows\system32\wbem
2011-10-25 20:44:48 ----D---- C:\Windows\system32\DriverStore
2011-10-25 20:44:45 ----D---- C:\Windows\system32\NDF
2011-10-25 20:44:44 ----D---- C:\Users\Klea\AppData\Roaming\Ventrilo
2011-10-25 20:44:43 ----D---- C:\Windows\registration
2011-10-23 11:18:44 ----D---- C:\Windows\AppCompat

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-12 270912]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
S3 cpuz130;cpuz130; \??\C:\Users\Klea\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-08 204288]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-10-13 75136]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-11 1255736]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny vecer preji

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[k1ea]

Moc děkuji za tak rychlé jednání. MBAM se zdá být v pořádku

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 8218

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.11.2011 20:28:07
mbam-log-2011-11-22 (20-28-07).txt

Typ kontroly: Rychlý test
Testované objekty: 166294
Uplynulý čas: 2 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[vyosek]

Jak se tem spam na FB projevuje

[k1ea]

rozrsílají se různé pozvánky a reklamy ze stránek které jsem ani nenavštívila

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[k1ea]

ComboFix 11-11-22.01 - Klea 22.11.2011 22:57:39.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2860 [GMT 1:00]
Spuštěný z: c:\users\Klea\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Klea\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-22 do 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 22:10 . 2011-11-22 22:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BE7B7E4-9189-49D5-9E3E-A1A4EFA7EA13}\offreg.dll
2011-11-22 22:07 . 2011-11-22 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\users\Klea\AppData\Roaming\Malwarebytes
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\programdata\Malwarebytes
2011-11-22 19:24 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-22 19:24 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-22 17:54 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BE7B7E4-9189-49D5-9E3E-A1A4EFA7EA13}\mpengine.dll
2011-11-21 20:49 . 2011-11-22 18:26 -------- d-----w- c:\program files\trend micro
2011-11-21 20:49 . 2011-11-21 20:49 -------- d-----w- C:\rsit
2011-11-08 22:49 . 2011-11-08 22:49 -------- d-----w- c:\users\Klea\AppData\Local\Apps
2011-11-08 21:20 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 21:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 21:20 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 21:19 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-02 20:10 . 2011-11-02 20:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-10-29 00:07 . 2011-10-29 00:08 -------- d-----w- c:\users\Klea\AppData\Local\Microsoft Games
2011-10-26 16:46 . 2011-10-26 19:08 -------- d-----w- c:\users\Klea\AppData\Local\Ubisoft Game Launcher
2011-10-26 16:46 . 2011-11-05 10:02 -------- d-----w- c:\users\Klea\AppData\Roaming\Might & Magic Heroes VI
2011-10-26 16:43 . 2007-07-19 16:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-10-26 16:43 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-10-26 16:43 . 2007-10-22 01:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2011-10-26 16:43 . 2007-10-22 01:37 21000 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2011-10-26 16:43 . 2007-06-20 18:49 409960 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-10-26 16:43 . 2007-06-20 18:46 266088 ----a-w- c:\windows\SysWow64\xactengine2_8.dll
2011-10-26 16:38 . 2011-10-26 16:42 -------- d-----w- c:\program files (x86)\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 21:11 . 2011-10-13 20:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-21 21:11 . 2011-10-12 19:22 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-21 21:10 . 2011-10-12 19:22 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-16 20:28 . 2011-10-11 21:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 19:57 . 2011-10-12 19:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-12 17:03 . 2011-10-12 17:03 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-11 22:23 . 2011-10-11 22:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-11 22:23 . 2011-10-11 22:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-11 22:23 . 2011-10-11 22:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-10-11 22:23 . 2011-10-11 22:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-10-11 20:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-11 20:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-11 19:50 . 2011-10-11 19:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-11 19:50 . 2011-10-11 19:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-11 19:50 . 2011-10-11 19:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-11 19:50 . 2011-10-11 19:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-11 19:50 . 2011-10-11 19:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-11 19:50 . 2011-10-11 19:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-11 19:50 . 2011-10-11 19:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-11 19:50 . 2011-10-11 19:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-11 19:50 . 2011-10-11 19:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-11 19:50 . 2011-10-11 19:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-11 19:50 . 2011-10-11 19:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-11 19:50 . 2011-10-11 19:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-11 19:50 . 2011-10-11 19:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-11 19:50 . 2011-10-11 19:50 448512 ----a-w- c:\windows\system32\html.iec
2011-10-11 19:50 . 2011-10-11 19:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-11 19:50 . 2011-10-11 19:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-11 19:50 . 2011-10-11 19:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-11 19:50 . 2011-10-11 19:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-11 19:50 . 2011-10-11 19:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-11 19:50 . 2011-10-11 19:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-11 19:50 . 2011-10-11 19:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-11 19:50 . 2011-10-11 19:50 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-11 19:50 . 2011-10-11 19:50 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-11 19:50 . 2011-10-11 19:50 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-10-11 19:50 . 2011-10-11 19:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-11 19:50 . 2011-10-11 19:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-11 19:50 . 2011-10-11 19:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-11 19:50 . 2011-10-11 19:50 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-11 19:50 . 2011-10-11 19:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-11 19:50 . 2011-10-11 19:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-11 19:50 . 2011-10-11 19:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-11 19:50 . 2011-10-11 19:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-11 19:50 . 2011-10-11 19:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-11 19:50 . 2011-10-11 19:50 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-11 19:50 . 2011-10-11 19:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-11 19:50 . 2011-10-11 19:50 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-11 19:50 . 2011-10-11 19:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-11 19:50 . 2011-10-11 19:50 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-11 19:50 . 2011-10-11 19:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-11 19:50 . 2011-10-11 19:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-11 19:50 . 2011-10-11 19:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-11 19:50 . 2011-10-11 19:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-09-08 17:32 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Klea\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5D95B431-BDC6-437E-88F9-E434FFE3380B}: NameServer = 10.0.0.138
FF - ProfilePath - c:\users\Klea\AppData\Roaming\Mozilla\Firefox\Profiles\1m0rqiwz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-22 23:22:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-22 22:22
.
Před spuštěním: Volných bajtů: 241 540 947 968
Po spuštění: Volných bajtů: 241 368 928 256
.
- - End Of File - - FC2ADF4C14EEE9C02EE24DB72B4F685E

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "PC Suite Tray"=-
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[k1ea]

snad jsem to provedla správně

ComboFix 11-11-23.01 - Klea 23.11.2011 19:39:51.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2854 [GMT 1:00]
Spuštěný z: c:\users\Klea\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Klea\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-23 do 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 18:46 . 2011-11-23 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\users\Klea\AppData\Roaming\Malwarebytes
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\programdata\Malwarebytes
2011-11-22 19:24 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-22 19:24 . 2011-11-22 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-22 19:24 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-22 17:54 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BE7B7E4-9189-49D5-9E3E-A1A4EFA7EA13}\mpengine.dll
2011-11-21 20:49 . 2011-11-22 18:26 -------- d-----w- c:\program files\trend micro
2011-11-21 20:49 . 2011-11-21 20:49 -------- d-----w- C:\rsit
2011-11-08 22:49 . 2011-11-08 22:49 -------- d-----w- c:\users\Klea\AppData\Local\Apps
2011-11-08 21:20 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 21:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 21:20 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 21:19 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-02 20:10 . 2011-11-02 20:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-10-29 00:07 . 2011-10-29 00:08 -------- d-----w- c:\users\Klea\AppData\Local\Microsoft Games
2011-10-26 16:46 . 2011-10-26 19:08 -------- d-----w- c:\users\Klea\AppData\Local\Ubisoft Game Launcher
2011-10-26 16:46 . 2011-11-05 10:02 -------- d-----w- c:\users\Klea\AppData\Roaming\Might & Magic Heroes VI
2011-10-26 16:43 . 2007-07-19 16:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-10-26 16:43 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-10-26 16:43 . 2007-10-22 01:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2011-10-26 16:43 . 2007-10-22 01:37 21000 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2011-10-26 16:43 . 2007-06-20 18:49 409960 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-10-26 16:43 . 2007-06-20 18:46 266088 ----a-w- c:\windows\SysWow64\xactengine2_8.dll
2011-10-26 16:38 . 2011-10-26 16:42 -------- d-----w- c:\program files (x86)\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 21:11 . 2011-10-13 20:03 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-21 21:11 . 2011-10-12 19:22 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-21 21:10 . 2011-10-12 19:22 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-16 20:28 . 2011-10-11 21:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 19:57 . 2011-10-12 19:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-12 17:03 . 2011-10-12 17:03 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-11 22:23 . 2011-10-11 22:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-11 22:23 . 2011-10-11 22:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-11 22:23 . 2011-10-11 22:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-10-11 22:23 . 2011-10-11 22:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-10-11 20:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-11 20:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-11 19:50 . 2011-10-11 19:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-11 19:50 . 2011-10-11 19:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-11 19:50 . 2011-10-11 19:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-11 19:50 . 2011-10-11 19:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-11 19:50 . 2011-10-11 19:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-11 19:50 . 2011-10-11 19:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-11 19:50 . 2011-10-11 19:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-11 19:50 . 2011-10-11 19:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-11 19:50 . 2011-10-11 19:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-11 19:50 . 2011-10-11 19:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-11 19:50 . 2011-10-11 19:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-11 19:50 . 2011-10-11 19:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-11 19:50 . 2011-10-11 19:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-11 19:50 . 2011-10-11 19:50 448512 ----a-w- c:\windows\system32\html.iec
2011-10-11 19:50 . 2011-10-11 19:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-11 19:50 . 2011-10-11 19:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-11 19:50 . 2011-10-11 19:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-11 19:50 . 2011-10-11 19:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-11 19:50 . 2011-10-11 19:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-11 19:50 . 2011-10-11 19:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-11 19:50 . 2011-10-11 19:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-11 19:50 . 2011-10-11 19:50 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-11 19:50 . 2011-10-11 19:50 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-11 19:50 . 2011-10-11 19:50 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-10-11 19:50 . 2011-10-11 19:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-11 19:50 . 2011-10-11 19:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-11 19:50 . 2011-10-11 19:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-11 19:50 . 2011-10-11 19:50 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-11 19:50 . 2011-10-11 19:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-11 19:50 . 2011-10-11 19:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-11 19:50 . 2011-10-11 19:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-11 19:50 . 2011-10-11 19:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-11 19:50 . 2011-10-11 19:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-11 19:50 . 2011-10-11 19:50 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-11 19:50 . 2011-10-11 19:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-11 19:50 . 2011-10-11 19:50 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-11 19:50 . 2011-10-11 19:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-11 19:50 . 2011-10-11 19:50 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-11 19:50 . 2011-10-11 19:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-11 19:50 . 2011-10-11 19:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-11 19:50 . 2011-10-11 19:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-11 19:50 . 2011-10-11 19:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-09-08 17:32 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-07-13 21:59 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-22_22.09.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-22 22:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-23 18:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-22 22:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 18:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 18:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-22 22:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-11 19:44 . 2011-11-23 18:17 23056 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-23 18:17 34398 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-11 18:26 . 2011-11-23 18:17 5866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3282816963-1808374634-2102609162-1000_UserData.bin
- 2011-11-22 22:08 . 2011-11-22 22:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-23 18:47 . 2011-11-23 18:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-11-22 17:55 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-23 18:20 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-11-22 17:55 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-11-23 18:20 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-11-23 18:20 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-22 17:55 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-11-23 18:20 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2011-11-22 17:55 121708 c:\windows\system32\perfc005.dat
- 2011-10-11 21:50 . 2011-11-21 22:20 363952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-11 21:50 . 2011-11-23 18:46 363952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-22 22:07 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-23 18:46 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-11 21:50 . 2011-11-23 18:46 7688252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3282816963-1808374634-2102609162-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Klea\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5D95B431-BDC6-437E-88F9-E434FFE3380B}: NameServer = 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Klea\AppData\Roaming\Mozilla\Firefox\Profiles\1m0rqiwz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-11-23 19:51:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-23 18:51
ComboFix2.txt 2011-11-22 22:22
.
Před spuštěním: Volných bajtů: 240 891 850 752
Po spuštění: Volných bajtů: 240 874 618 880
.
- - End Of File - - 14B78F2D569BE43F7FCC9FE1789CEBAE

[vyosek]

Ano provedla, jak se chova PC

[k1ea]

pořád to stejné, jen se lognu na fb odešle se mím přátelům ne zeď spam, v internetovém prohlížeči se občas samo otevírá nový panel

[vyosek]

Pustte tam SAS http://www.viry.cz/forum/viewtopic.php?f=29&t=51359

[k1ea]

tak jsem to projela SUPERAntiSpywarem, ale problém přetrvává

[vyosek]

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  adp3132.sys
  AGP440.sys
  ahcix86.sys
  ahcix86s.sys
  atapi.sys
  autochk.exe
  cdrom.sys
  cngaudit.dll
  cryptsvc.dll
  eNetHook.dll
  eventlog.dll
  explorer.exe
  hal.dll
  Changer.sys
  iaStor.sys
  iastorv.sys
  IdeChnDr.sys
  isapnp.sys
  JakNDis.sys
  KR10N.sys
  logevent.dll
  lsass.exe
  mv61xx.sys
  ndis.sys
  netlogon.dll
  ntelogon.dll
  nvata.sys
  nvatabus.sys
  nvgts.sys
  nvraid.sys
  nvrd32.sys
  nvstor.sys
  nvstor32.sys
  scecli.dll
  sceclt.dll
  smss.exe
  svchost.exe
  symmpi.sys
  tcpip.sys
  userinit.exe
  vaxscsi.sys
  viamraid.sys
  viasraid.sys
  ViPrt.sys
  winlogon.exe
  ws2_32.dll
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  
  type c:\boot.ini >> test.txt /c
  %SystemDrive%\PhysicalMBR.bin /md5

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

[k1ea]

něco dělám asi špatně, nechce mi to to vytvořit soubor