PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check my W7 log

You don't have any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Please check my W7 log

#1 Post by martin1973 »

I was randomly checking my daughter's PC and I see some rubbish on it, and Panda always finds something. And she probably has a fake AV, a blue dll or whatever :evil: . I have already told her off, mainly so that she watches what she downloads.

Logfile of random's system information tool 1.09 (written by random/random)
Run by prestigio at 2011-12-16 21:05:10
Microsoft Windows 7 Home Premium
System drive C: has 203 GB (81%) free of 250 GB
Total RAM: 3071 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:31, on 16. 12. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\Windows\system32\wuauclt.exe
C:\Users\prestigio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prestigio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prestigio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\prestigio\Downloads\RSIT.exe
C:\Program Files\trend micro\prestigio.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\avciman.exe
C:\Windows\system32\rundll32.exe
C:\Users\prestigio\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe

--
End of file - 7262 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default

prefs.js - "browser.startup.homepage" - "http://home.sweetim.com"
prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=100490&ba ... 49cdf15&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\extensions\
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\searchplugins\
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-29 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-28 1701888]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-22 98304]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE [2011-09-05 984576]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe [2010-06-11 68928]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-08-31 1047208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
"msnmsgr"=~C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Steam"=C:\Program Files\Steam\Steam.exe [2011-12-14 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\Windows\system32\avldr.dll [2010-03-24 55552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.tscc"=tsccvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-16 21:05:10 ----D---- C:\rsit
2011-12-16 21:05:10 ----D---- C:\Program Files\trend micro
2011-12-16 21:02:46 ----SHD---- C:\Config.Msi
2011-12-16 17:52:21 ----D---- C:\Users\prestigio\AppData\Roaming\Malwarebytes
2011-12-16 17:52:13 ----D---- C:\ProgramData\Malwarebytes
2011-12-16 17:52:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-16 17:52:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-12-16 17:42:25 ----D---- C:\ProgramData\Uniblue
2011-12-16 14:29:41 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-12-16 14:29:41 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-12-16 14:29:41 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-12-16 14:29:41 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-12-16 14:29:40 ----A---- C:\Windows\system32\xinput1_3.dll
2011-12-16 14:29:40 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-12-16 14:29:40 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-12-16 14:29:10 ----D---- C:\Program Files\Microsoft XNA
2011-12-15 15:25:07 ----RHD---- C:\Users\prestigio\AppData\Roaming\SecuROM
2011-12-15 15:00:27 ----D---- C:\Program Files\Electronic Arts
2011-12-14 14:25:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 14:25:32 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 14:25:31 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 14:25:31 ----A---- C:\Windows\system32\jscript9.dll
2011-12-14 14:25:31 ----A---- C:\Windows\system32\jscript.dll
2011-12-14 14:25:30 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 14:25:30 ----A---- C:\Windows\system32\url.dll
2011-12-14 14:25:30 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 14:25:29 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 14:25:29 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 14:25:28 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 13:56:22 ----D---- C:\Program Files\Common Files\Steam
2011-12-14 13:56:21 ----D---- C:\Program Files\Steam
2011-12-14 13:36:11 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 13:36:09 ----A---- C:\Windows\system32\tzres.dll
2011-12-14 13:36:04 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 13:36:04 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 13:36:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-14 13:36:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-12-13 16:42:57 ----D---- C:\ProgramData\SweetIM
2011-12-13 16:42:57 ----D---- C:\Program Files\SweetIM
2011-12-13 16:42:03 ----D---- C:\ProgramData\Premium
2011-12-13 16:42:01 ----D---- C:\ProgramData\InstallMate
2011-12-13 16:33:17 ----D---- C:\Users\prestigio\AppData\Roaming\Spore
2011-12-12 20:22:31 ----A---- C:\user.js
2011-12-12 20:21:59 ----D---- C:\Users\prestigio\AppData\Roaming\Babylon
2011-12-12 20:21:59 ----D---- C:\ProgramData\Babylon
2011-12-12 19:39:32 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-04 15:18:40 ----D---- C:\Program Files\LogMeIn Hamachi
2011-12-03 19:53:53 ----D---- C:\Users\prestigio\AppData\Roaming\Unity

======List of files/folders modified in the last 1 month======

2011-12-16 21:05:32 ----D---- C:\Windows\Temp
2011-12-16 21:05:12 ----D---- C:\Windows\system32\drivers
2011-12-16 21:05:10 ----RD---- C:\Program Files
2011-12-16 21:03:11 ----D---- C:\Windows\Tasks
2011-12-16 21:03:11 ----D---- C:\Windows\system32\Tasks
2011-12-16 21:02:48 ----SHD---- C:\Windows\Installer
2011-12-16 21:01:59 ----SD---- C:\Users\prestigio\AppData\Roaming\Microsoft
2011-12-16 21:00:04 ----D---- C:\Windows\system32\drivers\etc
2011-12-16 20:57:20 ----D---- C:\Windows\System32
2011-12-16 20:56:26 ----D---- C:\Windows\system32\config
2011-12-16 19:00:33 ----D---- C:\Windows\pt-PT
2011-12-16 18:18:55 ----RSD---- C:\Windows\assembly
2011-12-16 18:18:55 ----D---- C:\Windows\Microsoft.NET
2011-12-16 17:52:13 ----HD---- C:\ProgramData
2011-12-16 14:53:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-16 14:53:25 ----D---- C:\Windows\inf
2011-12-16 14:47:26 ----SHD---- C:\System Volume Information
2011-12-16 14:29:11 ----D---- C:\Windows\Logs
2011-12-16 14:29:10 ----D---- C:\Program Files\Common Files\microsoft shared
2011-12-16 14:26:16 ----D---- C:\Windows
2011-12-16 14:26:13 ----D---- C:\Windows\SoftwareDistribution
2011-12-16 13:41:03 ----D---- C:\Windows\system32\catroot2
2011-12-15 20:02:19 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-14 14:43:05 ----D---- C:\Windows\winsxs
2011-12-14 14:40:50 ----D---- C:\Windows\system32\sl-SI
2011-12-14 14:40:50 ----D---- C:\Windows\system32\sk-SK
2011-12-14 14:40:50 ----D---- C:\Windows\system32\ru-RU
2011-12-14 14:40:50 ----D---- C:\Windows\system32\ro-RO
2011-12-14 14:40:50 ----D---- C:\Windows\system32\pt-PT
2011-12-14 14:40:50 ----D---- C:\Windows\system32\pl-PL
2011-12-14 14:40:50 ----D---- C:\Windows\system32\nl-NL
2011-12-14 14:40:50 ----D---- C:\Windows\system32\hu-HU
2011-12-14 14:40:50 ----D---- C:\Windows\system32\hr-HR
2011-12-14 14:40:50 ----D---- C:\Windows\system32\en-US
2011-12-14 14:40:50 ----D---- C:\Windows\system32\el-GR
2011-12-14 14:40:50 ----D---- C:\Windows\system32\cs-CZ
2011-12-14 14:40:50 ----D---- C:\Windows\system32\bg-BG
2011-12-14 14:40:48 ----D---- C:\Windows\system32\migration
2011-12-14 14:40:48 ----D---- C:\Program Files\Internet Explorer
2011-12-14 14:26:23 ----D---- C:\Windows\system32\catroot
2011-12-14 13:56:22 ----D---- C:\Program Files\Common Files
2011-12-12 21:25:43 ----D---- C:\Program Files\Mozilla Firefox
2011-12-11 10:25:28 ----D---- C:\Users\prestigio\AppData\Roaming\.minecraft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pavboot;Panda boot driver; C:\Windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 ShldDrv;Panda File Shield Driver; C:\Windows\System32\DRIVERS\ShlDrv51.sys [2009-10-27 37896]
R2 AmFSM;AmFSM; C:\Windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
R2 APPFLT;App Filter Plugin; \??\C:\Windows\system32\Drivers\APPFLT.SYS [2010-02-18 76296]
R2 ComFiltr;Panda Anti-Dialer; \??\C:\Windows\system32\DRIVERS\COMFiltr.sys [2011-08-10 13880]
R2 DSAFLT;DSA Filter Plugin; \??\C:\Windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
R2 FNETMON;NetMon Filter Plugin; \??\C:\Windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
R2 IDSFLT;Ids Filter Plugin; \??\C:\Windows\system32\Drivers\IDSFLT.SYS [2009-09-25 193800]
R2 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\Windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 159112]
R2 PavProc;Panda Process Protection Driver; \??\C:\Windows\system32\DRIVERS\PavProc.sys [2009-09-14 163336]
R2 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\Windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-22 5882880]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-22 210944]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-05 108560]
R3 AvFlt;Antivirus Filter Driver; C:\Windows\system32\drivers\av5flt.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42; C:\Windows\system32\DRIVERS\neti1642.sys [2010-02-18 199688]
R3 PavSRK.sys;PavSRK.sys; \??\C:\Windows\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
S0 xlsnfid;xlsnfid; C:\Windows\System32\drivers\gpdf.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-22 176128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe [2009-08-10 173312]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe [2010-09-13 202048]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe [2010-06-04 314176]
R2 PSHost;Panda Host Service; c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE [2009-11-26 226560]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe [2010-08-16 28992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe [2010-09-29 157504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-12-14 419624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter; C:\Program Files\Webcam\Webcam123\dogsvc.exe [2009-09-19 164864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my W7 log

#2 Post by vyosek »

Hello, and I wish you a nice Saturday morning :)

:arrow: Do you insist on the Panda antivirus? In my opinion it is more a parody of an antivirus than protection :?:

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
  • Choose option 2 and confirm with Enter
  • The utility will do its job and produce a log; post it here
  • Now again, but choose option 3 and then 4; post those logs here as well

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Please check my W7 log

#3 Post by martin1973 »

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: prestigio [Admin rights]
Mode: Remove -- Date : 12/17/2011 12:25:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] RunAsStdUser Task.job : C:\Users\prestigio\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\ClickPotatoLiteSA.exe -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] e3e606213f7e8a079ec9cfd7371f776a
[BSP] ffb4f8bdbd78fc91e59003667bbee32f : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 262041 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 512007615 | Size: 237957 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Please check my W7 log

#4 Post by martin1973 »

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: prestigio [Admin rights]
Mode: HOSTSFix -- Date : 12/17/2011 12:26:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ Resetted HOSTS: ¤¤¤


Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Please check my W7 log

#5 Post by martin1973 »

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: prestigio [Admin rights]
Mode: ProxyFix -- Date : 12/17/2011 12:27:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my W7 log

#6 Post by vyosek »

PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
  • Right after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window being displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt; post its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Please check my W7 log

#7 Post by martin1973 »

ComboFix 11-12-16.03 - prestigio . 12. 2011 13:08:27.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.2124 [GMT 1:00]
Running from: c:\users\prestigio\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 12:13 . 2011-12-17 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 12:12 . 2011-12-17 12:12 -------- d-----w- c:\users\NATALKA\AppData\Local\temp
2011-12-17 12:06 . 2011-12-17 12:06 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12DE5C63-87B5-4947-97E0-2BB118759855}\offreg.dll
2011-12-17 11:42 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-17 11:19 . 2011-12-17 11:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-16 20:58 . 2011-12-16 21:30 -------- d-----w- c:\users\prestigio\AppData\Local\Microsoft Games
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- C:\rsit
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- c:\program files\trend micro
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\users\prestigio\AppData\Roaming\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:52 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 16:42 . 2011-12-16 16:42 -------- d-----w- c:\programdata\Uniblue
2011-12-16 13:29 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-16 13:29 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-16 13:29 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-12-16 13:29 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-12-16 13:29 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-12-16 13:29 . 2011-12-16 13:29 -------- d-----w- c:\program files\Microsoft XNA
2011-12-16 12:49 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12DE5C63-87B5-4947-97E0-2BB118759855}\mpengine.dll
2011-12-15 14:25 . 2011-12-15 14:25 -------- d--h--r- c:\users\prestigio\AppData\Roaming\SecuROM
2011-12-15 14:00 . 2011-12-15 14:00 -------- d-----w- c:\program files\Electronic Arts
2011-12-14 12:56 . 2011-12-14 12:58 -------- d-----w- c:\program files\Common Files\Steam
2011-12-14 12:56 . 2011-12-17 11:45 -------- d-----w- c:\program files\Steam
2011-12-14 12:36 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 12:36 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 12:36 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 12:36 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 12:36 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 12:36 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 15:43 . 2011-12-17 11:45 -------- d-----w- c:\users\prestigio\Tracing
2011-12-13 15:42 . 2011-12-16 20:02 -------- d-----w- c:\program files\SweetIM
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\SweetIM
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\Premium
2011-12-13 15:42 . 2011-12-13 15:44 -------- d-----w- c:\programdata\InstallMate
2011-12-13 15:33 . 2011-12-13 15:33 -------- d-----w- c:\users\prestigio\AppData\Roaming\Spore
2011-12-12 20:25 . 2011-12-12 20:25 -------- d-----w- c:\users\prestigio\AppData\Local\ClickPotatoLiteSA
2011-12-12 19:22 . 2011-12-12 19:22 59 ----a-w- C:\user.js
2011-12-12 19:22 . 2011-12-12 19:22 -------- d-----w- c:\users\prestigio\AppData\Local\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\users\prestigio\AppData\Roaming\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\programdata\Babylon
2011-12-12 18:35 . 2011-12-12 19:43 1096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-12-12 18:34 . 2011-12-12 18:34 -------- d-----w- c:\users\prestigio\AppData\Local\Downloaded Installations
2011-12-05 16:47 . 2011-12-08 16:15 -------- d-----w- c:\users\NATALKA\AppData\Local\LogMeIn Hamachi
2011-12-04 14:19 . 2011-12-17 12:13 -------- d-----w- c:\users\prestigio\AppData\Local\LogMeIn Hamachi
2011-12-04 14:18 . 2011-12-04 14:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-03 18:53 . 2011-12-03 18:53 -------- d-----w- c:\users\prestigio\AppData\Roaming\Unity
2011-12-03 17:41 . 2011-12-03 17:41 -------- d-----w- c:\users\prestigio\AppData\Local\Unity
2011-11-27 17:05 . 2011-11-27 17:05 -------- d-----w- c:\users\NATALKA\AppData\Local\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 11:56 . 2011-10-28 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 16:31 . 2011-10-29 16:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-28 17:55 . 2011-10-28 17:55 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-28 17:55 . 2011-10-28 17:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-28 17:55 . 2011-10-28 17:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-28 17:55 . 2011-10-28 17:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-28 17:55 . 2011-10-28 17:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-28 17:55 . 2011-10-28 17:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-28 17:55 . 2011-10-28 17:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-28 17:55 . 2011-10-28 17:55 367104 ----a-w- c:\windows\system32\html.iec
2011-10-28 17:55 . 2011-10-28 17:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-28 17:55 . 2011-10-28 17:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-28 17:55 . 2011-10-28 17:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-28 17:55 . 2011-10-28 17:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-28 17:55 . 2011-10-28 17:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-28 17:55 . 2011-10-28 17:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-28 17:55 . 2011-10-28 17:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-29 15:43 . 2011-11-09 12:58 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-14 16:24 . 2011-10-28 17:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 xlsnfid;xlsnfid;c:\windows\System32\drivers\gpdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
R3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files\Webcam\Webcam123\dogsvc.exe [2009-09-19 164864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 176128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 5882880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 210944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job
- c:\users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 10:59]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job
- c:\users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 10:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
FF - ProfilePath - c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100490&babsrc=adbartrp&mntrId=36c98f1e000000000000f46d049cdf15&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2419112330-3943477382-4205184403-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,1a,7c,a7,8c,92,d4,0e,47,16,da,85,03,e4,eb,d0,39,46,d7,e8,41,
34,c4,4d,e7,ff,b2,62,a5,48,4b,61,13,12,21,8d,2f,f8,b7,ab,23,97,72,b5,ec,eb,\
"rkeysecu"=hex:73,4d,d1,bd,7d,e4,2e,81,e7,c7,60,97,db,8a,7d,55
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-17 13:14:54
ComboFix-quarantined-files.txt 2011-12-17 12:14
.
Pre-Run: 213 993 185 280 bytes free
Post-Run: 216 054 407 168 bytes free
.
- - End Of File - - 77DF5E91C95DA321C93995E6685A1E95

vyosek

Re: Please check my W7 log

#8 Post by vyosek »

:arrow: If you haven't already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files\SweetIM
    c:\programdata\SweetIM
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "StartCCC"=-
    "SunJavaUpdateSched"=-
    "LogMeIn Hamachi Ui"=-
    "SweetIM"=-
    "Malwarebytes' Anti-Malware (reboot)"=-
    
    Collect::
    c:\windows\System32\drivers\gpdf.sys
    
    Driver::
    xlsnfid
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job
    C:\Users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\searchplugins\sweetim.xml
    
    Firefox::
    FF - ProfilePath - c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - SweetIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100490&ba ... 49cdf15&q=
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2419112330-3943477382-4205184403-1000\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it there (see the picture below)
  • After the script is applied (and a possible restart) a log pops up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

martin1973

Re: Please check my W7 log

#9 Post by martin1973 »

ComboFix 11-12-17.05 - prestigio . 12. 2011 9:30.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.1471 [GMT 1:00]
Running from: c:\users\prestigio\Desktop\ComboFix.exe
Command switches used :: c:\users\prestigio\Desktop\CFScript.lnk
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 08:37 . 2011-12-18 08:37 -------- d-----w- c:\users\NATALKA\AppData\Local\temp
2011-12-18 08:37 . 2011-12-18 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 08:01 . 2011-12-18 08:01 -------- d-----w- c:\windows\system32\SPReview
2011-12-18 08:00 . 2011-12-18 08:00 -------- d-----w- c:\windows\system32\EventProviders
2011-12-18 07:54 . 2011-12-18 07:54 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKslb45fc323.sys
2011-12-18 07:54 . 2011-12-18 07:54 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\offreg.dll
2011-12-17 17:44 . 2011-12-17 17:44 -------- d-----w- c:\program files\CCleaner
2011-12-17 12:49 . 2011-12-17 12:48 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FBDF8A6-C524-4247-9A62-5EE31E31A4B1}\gapaengine.dll
2011-12-17 12:49 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\mpengine.dll
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-17 11:42 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-17 11:19 . 2011-12-17 11:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-16 20:58 . 2011-12-16 21:30 -------- d-----w- c:\users\prestigio\AppData\Local\Microsoft Games
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- C:\rsit
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- c:\program files\trend micro
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\users\prestigio\AppData\Roaming\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:52 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 16:42 . 2011-12-16 16:42 -------- d-----w- c:\programdata\Uniblue
2011-12-16 13:29 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-16 13:29 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-16 13:29 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-12-16 13:29 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-12-16 13:29 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-12-16 13:29 . 2011-12-16 13:29 -------- d-----w- c:\program files\Microsoft XNA
2011-12-16 12:49 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12DE5C63-87B5-4947-97E0-2BB118759855}\mpengine.dll
2011-12-15 14:25 . 2011-12-15 14:25 -------- d--h--r- c:\users\prestigio\AppData\Roaming\SecuROM
2011-12-15 14:00 . 2011-12-15 14:00 -------- d-----w- c:\program files\Electronic Arts
2011-12-14 12:56 . 2011-12-14 12:58 -------- d-----w- c:\program files\Common Files\Steam
2011-12-14 12:56 . 2011-12-18 07:57 -------- d-----w- c:\program files\Steam
2011-12-14 12:36 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 12:36 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 12:36 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 12:36 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 12:36 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 12:36 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 15:43 . 2011-12-17 17:45 -------- d-----w- c:\users\prestigio\Tracing
2011-12-13 15:42 . 2011-12-16 20:02 -------- d-----w- c:\program files\SweetIM
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\SweetIM
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\Premium
2011-12-13 15:42 . 2011-12-13 15:44 -------- d-----w- c:\programdata\InstallMate
2011-12-13 15:33 . 2011-12-13 15:33 -------- d-----w- c:\users\prestigio\AppData\Roaming\Spore
2011-12-12 20:25 . 2011-12-12 20:25 -------- d-----w- c:\users\prestigio\AppData\Local\ClickPotatoLiteSA
2011-12-12 19:22 . 2011-12-12 19:22 59 ----a-w- C:\user.js
2011-12-12 19:22 . 2011-12-12 19:22 -------- d-----w- c:\users\prestigio\AppData\Local\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\users\prestigio\AppData\Roaming\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\programdata\Babylon
2011-12-12 18:35 . 2011-12-12 19:43 1096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-12-12 18:34 . 2011-12-12 18:34 -------- d-----w- c:\users\prestigio\AppData\Local\Downloaded Installations
2011-12-05 16:47 . 2011-12-08 16:15 -------- d-----w- c:\users\NATALKA\AppData\Local\LogMeIn Hamachi
2011-12-04 14:19 . 2011-12-18 08:37 -------- d-----w- c:\users\prestigio\AppData\Local\LogMeIn Hamachi
2011-12-04 14:18 . 2011-12-04 14:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-03 18:53 . 2011-12-03 18:53 -------- d-----w- c:\users\prestigio\AppData\Roaming\Unity
2011-12-03 17:41 . 2011-12-03 17:41 -------- d-----w- c:\users\prestigio\AppData\Local\Unity
2011-11-27 17:05 . 2011-11-27 17:05 -------- d-----w- c:\users\NATALKA\AppData\Local\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 11:56 . 2011-10-28 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 16:31 . 2011-10-29 16:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-28 17:55 . 2011-10-28 17:55 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-28 17:55 . 2011-10-28 17:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-28 17:55 . 2011-10-28 17:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-28 17:55 . 2011-10-28 17:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-28 17:55 . 2011-10-28 17:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-28 17:55 . 2011-10-28 17:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-28 17:55 . 2011-10-28 17:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-28 17:55 . 2011-10-28 17:55 367104 ----a-w- c:\windows\system32\html.iec
2011-10-28 17:55 . 2011-10-28 17:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-28 17:55 . 2011-10-28 17:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-28 17:55 . 2011-10-28 17:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-28 17:55 . 2011-10-28 17:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-28 17:55 . 2011-10-28 17:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-28 17:55 . 2011-10-28 17:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-28 17:55 . 2011-10-28 17:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-29 15:43 . 2011-11-09 12:58 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-14 16:24 . 2011-10-28 17:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 xlsnfid;xlsnfid;c:\windows\System32\drivers\gpdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
R3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files\Webcam\Webcam123\dogsvc.exe [2009-09-19 164864]
S1 MpKslb45fc323;MpKslb45fc323;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKslb45fc323.sys [2011-12-18 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 176128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 5882880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 210944]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB45FC323
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job
- c:\users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 10:59]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job
- c:\users\prestigio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 10:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
FF - ProfilePath - c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100490&babsrc=adbartrp&mntrId=36c98f1e000000000000f46d049cdf15&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2419112330-3943477382-4205184403-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,1a,7c,a7,8c,92,d4,0e,47,16,da,85,03,e4,eb,d0,39,46,d7,e8,41,
34,c4,4d,e7,ff,b2,62,a5,48,4b,61,13,12,21,8d,2f,f8,b7,ab,23,97,72,b5,ec,eb,\
"rkeysecu"=hex:73,4d,d1,bd,7d,e4,2e,81,e7,c7,60,97,db,8a,7d,55
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 09:39:32
ComboFix-quarantined-files.txt 2011-12-18 08:39
ComboFix2.txt 2011-12-17 12:14
.
Pre-Run: 225 537 245 184 bytes free
Post-Run: 224 786 857 984 bytes free
.
- - End Of File - - AD9E019D3E7325E43C90034D9310BAE8

vyosek

Re: Please check my W7 log

#10 Post by vyosek »

Command switches used :: c:\users\prestigio\Desktop\CFScript.lnk
That's why it didn't delete anything; this is supposed to be the CFScript.txt itself, not its shortcut :roll:
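The check vyosek makes by eye in post #10, as a small Python triage helper added to this thread (it is not ComboFix code and not one of the forum's tools): it reads the "Command switches used ::" line to tell a real CFScript.txt from a .lnk shortcut, collects what ComboFix reports under "Other Deletions" and "Drivers/Services", and flags whether the items targeted by the script in post #8 (the SweetIM folders, the xlsnfid service, the Firefox search prefs) still appear in the log. The two sample logs inside are constructed excerpts of the logs quoted in this thread.

```python
"""Triage helper for the ComboFix logs in this thread: did the run consume a
real CFScript.txt, what does it report as deleted, and are the items the
script targeted still present?  Added example, not ComboFix code; the sample
logs below are constructed excerpts of the logs quoted in the thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Targets taken from the CFScript in post #8 (lower-cased for comparison).
TARGET_DIRS = {r"c:\program files\sweetim", r"c:\programdata\sweetim"}
TARGET_SERVICES = {"xlsnfid"}
TARGET_FF_PREFS = {"browser.search.selectedengine": "sweetim search",
                   "browser.startup.homepage": "hxxp://home.sweetim.com"}

SWITCH_LINE = re.compile(r"^Command switches used :: (.+)$", re.M)
# "2011-12-13 15:42 . 2011-12-16 20:02 -------- d-----w- c:\program files\SweetIM"
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ (.+)$")
# "R0 xlsnfid;xlsnfid;c:\windows\System32\drivers\gpdf.sys [x]"  ([x] = file missing)
SERVICE_LINE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*?)(\s\[x\])?$")
FF_PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
DELETED_SERVICE = re.compile(r"^-------\\Service_(\S+)$")


@dataclass
class Verdict:
    script_path: Optional[str]      # what ComboFix says it was handed
    script_applied: bool            # True only for a real .txt script
    deleted: List[str] = field(default_factory=list)    # reported removals
    remaining: List[str] = field(default_factory=list)  # targets still in log
    dangling: List[str] = field(default_factory=list)   # services whose file is missing


def script_path(log: str) -> Optional[str]:
    m = SWITCH_LINE.search(log)
    return m.group(1).strip() if m else None


def check_log(log: str) -> Verdict:
    path = script_path(log)
    # A .lnk shortcut is passed through as an ordinary argument; ComboFix only
    # reads the script file itself, so nothing gets applied (post #10).
    v = Verdict(path, path is not None and path.lower().endswith(".txt"))
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = DELETED_SERVICE.match(line)
        if m:                                   # "-------\Service_xlsnfid"
            v.deleted.append("service " + m.group(1))
            continue
        if line.startswith("((((") or line.startswith("---"):
            section = line.strip("() -")        # e.g. "Other Deletions"
            continue
        if section == "Other Deletions":
            if line and line != ".":
                v.deleted.append(line)
            continue
        m = FILE_LINE.match(line)
        if m:
            if m.group(1).lower() in TARGET_DIRS:
                v.remaining.append("dir " + m.group(1))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            if m.group(1) in TARGET_SERVICES:
                v.remaining.append("service " + m.group(1))
            if m.group(3):
                v.dangling.append(m.group(1))
            continue
        m = FF_PREF_LINE.match(line)
        if m and TARGET_FF_PREFS.get(m.group(1).lower()) == m.group(2).strip().lower():
            v.remaining.append("ff pref " + m.group(1))
    return v


# Constructed excerpt mirroring post #9: the shortcut was handed over.
LOG_SHORTCUT = r"""
Command switches used :: c:\users\prestigio\Desktop\CFScript.lnk
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
2011-12-13 15:42 . 2011-12-16 20:02 -------- d-----w- c:\program files\SweetIM
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\SweetIM
R0 xlsnfid;xlsnfid;c:\windows\System32\drivers\gpdf.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
------- Supplementary Scan -------
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
"""

# Constructed excerpt mirroring post #11: the real CFScript.txt was used.
LOG_SCRIPT = r"""
Command switches used :: c:\users\prestigio\Documents\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\SweetIM
c:\programdata\SweetIM
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_xlsnfid
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
"""
```

A service line ending in `[x]` is listed as dangling because the registered file is absent, which is exactly what the `gpdf.sys` entry for xlsnfid looks like in the logs above.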

martin1973

Re: Please check my W7 log

#11 Post by martin1973 »

ComboFix 11-12-17.05 - prestigio . 12. 2011 10:28:33.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.1860 [GMT 1:00]
Running from: c:\users\prestigio\Desktop\ComboFix.exe
Command switches used :: c:\users\prestigio\Documents\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\searchplugins\sweetim.xml"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\programdata\SweetIM
c:\programdata\SweetIM\Messenger\conf\adapter.xml
c:\programdata\SweetIM\Messenger\conf\autoupdate.xml
c:\programdata\SweetIM\Messenger\conf\contentpackages.xml
c:\programdata\SweetIM\Messenger\conf\logger.xml
c:\programdata\SweetIM\Messenger\conf\messages.xml
c:\programdata\SweetIM\Messenger\conf\sweetim.xml
c:\programdata\SweetIM\Messenger\conf\sweetimapp.xml
c:\programdata\SweetIM\Messenger\conf\users\main_user_config.xml
c:\programdata\SweetIM\Messenger\data\Bars\Default\100\bar.html
c:\programdata\SweetIM\Messenger\data\Bars\Default\100\bar.js
c:\programdata\SweetIM\Messenger\data\Bars\Default\100\bar.swf
c:\programdata\SweetIM\Messenger\data\Bars\Default\200\bar.html
c:\programdata\SweetIM\Messenger\data\Bars\Default\200\bar.js
c:\programdata\SweetIM\Messenger\data\Bars\Default\200\bar.swf
c:\programdata\SweetIM\Messenger\data\Bars\Default\400\bar.html
c:\programdata\SweetIM\Messenger\data\Bars\Default\400\bar.js
c:\programdata\SweetIM\Messenger\data\Bars\Default\400\bar.swf
c:\programdata\SweetIM\Messenger\data\contentdb\cache_indx.dat
c:\programdata\SweetIM\Messenger\data\contentdb\installcontentvalidation.xml
c:\programdata\SweetIM\Messenger\data\packages\FailDialog\activationFail.htm
c:\programdata\SweetIM\Messenger\data\packages\FailDialog\close_but.gif
c:\programdata\SweetIM\Messenger\data\packages\FailDialog\failure_dialog_BG.jpg
c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\searchplugins\sweetim.xml
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2419112330-3943477382-4205184403-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xlsnfid
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 09:37 . 2011-12-18 09:37 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKslc4641372.sys
2011-12-18 09:36 . 2011-12-18 09:38 -------- d-----w- c:\users\prestigio\AppData\Local\temp
2011-12-18 09:36 . 2011-12-18 09:36 -------- d-----w- c:\users\NATALKA\AppData\Local\temp
2011-12-18 09:36 . 2011-12-18 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 09:21 . 2011-12-18 09:21 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKsl9ebe6dd0.sys
2011-12-18 09:21 . 2011-12-18 09:37 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\offreg.dll
2011-12-18 08:40 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-12-18 08:40 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-12-18 08:40 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-18 08:01 . 2011-12-18 08:01 -------- d-----w- c:\windows\system32\SPReview
2011-12-18 08:00 . 2011-12-18 08:00 -------- d-----w- c:\windows\system32\EventProviders
2011-12-17 17:44 . 2011-12-17 17:44 -------- d-----w- c:\program files\CCleaner
2011-12-17 12:49 . 2011-12-17 12:48 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FBDF8A6-C524-4247-9A62-5EE31E31A4B1}\gapaengine.dll
2011-12-17 12:49 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\mpengine.dll
2011-12-17 12:47 . 2011-12-17 12:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-17 11:42 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-17 11:19 . 2011-12-17 11:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-16 20:58 . 2011-12-16 21:30 -------- d-----w- c:\users\prestigio\AppData\Local\Microsoft Games
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- C:\rsit
2011-12-16 20:05 . 2011-12-16 20:05 -------- d-----w- c:\program files\trend micro
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\users\prestigio\AppData\Roaming\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 16:52 . 2011-12-16 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:52 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 16:42 . 2011-12-16 16:42 -------- d-----w- c:\programdata\Uniblue
2011-12-16 13:29 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-16 13:29 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-16 13:29 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-16 13:29 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-12-16 13:29 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-12-16 13:29 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-12-16 13:29 . 2011-12-16 13:29 -------- d-----w- c:\program files\Microsoft XNA
2011-12-16 12:49 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12DE5C63-87B5-4947-97E0-2BB118759855}\mpengine.dll
2011-12-15 14:25 . 2011-12-15 14:25 -------- d--h--r- c:\users\prestigio\AppData\Roaming\SecuROM
2011-12-15 14:00 . 2011-12-15 14:00 -------- d-----w- c:\program files\Electronic Arts
2011-12-14 12:56 . 2011-12-14 12:58 -------- d-----w- c:\program files\Common Files\Steam
2011-12-14 12:56 . 2011-12-18 09:21 -------- d-----w- c:\program files\Steam
2011-12-14 12:36 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 12:36 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 12:36 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 12:36 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 12:36 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 12:36 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 15:43 . 2011-12-17 17:45 -------- d-----w- c:\users\prestigio\Tracing
2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\programdata\Premium
2011-12-13 15:42 . 2011-12-13 15:44 -------- d-----w- c:\programdata\InstallMate
2011-12-13 15:33 . 2011-12-13 15:33 -------- d-----w- c:\users\prestigio\AppData\Roaming\Spore
2011-12-12 20:25 . 2011-12-12 20:25 -------- d-----w- c:\users\prestigio\AppData\Local\ClickPotatoLiteSA
2011-12-12 19:22 . 2011-12-12 19:22 59 ----a-w- C:\user.js
2011-12-12 19:22 . 2011-12-12 19:22 -------- d-----w- c:\users\prestigio\AppData\Local\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\users\prestigio\AppData\Roaming\Babylon
2011-12-12 19:21 . 2011-12-12 19:21 -------- d-----w- c:\programdata\Babylon
2011-12-12 18:35 . 2011-12-12 19:43 1096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-12-12 18:34 . 2011-12-12 18:34 -------- d-----w- c:\users\prestigio\AppData\Local\Downloaded Installations
2011-12-05 16:47 . 2011-12-08 16:15 -------- d-----w- c:\users\NATALKA\AppData\Local\LogMeIn Hamachi
2011-12-04 14:19 . 2011-12-18 09:36 -------- d-----w- c:\users\prestigio\AppData\Local\LogMeIn Hamachi
2011-12-04 14:18 . 2011-12-04 14:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-03 18:53 . 2011-12-03 18:53 -------- d-----w- c:\users\prestigio\AppData\Roaming\Unity
2011-12-03 17:41 . 2011-12-03 17:41 -------- d-----w- c:\users\prestigio\AppData\Local\Unity
2011-11-27 17:05 . 2011-11-27 17:05 -------- d-----w- c:\users\NATALKA\AppData\Local\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 11:56 . 2011-10-28 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 16:31 . 2011-10-29 16:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-28 17:55 . 2011-10-28 17:55 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-28 17:55 . 2011-10-28 17:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-28 17:55 . 2011-10-28 17:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-28 17:55 . 2011-10-28 17:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-28 17:55 . 2011-10-28 17:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-28 17:55 . 2011-10-28 17:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-28 17:55 . 2011-10-28 17:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-28 17:55 . 2011-10-28 17:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-28 17:55 . 2011-10-28 17:55 367104 ----a-w- c:\windows\system32\html.iec
2011-10-28 17:55 . 2011-10-28 17:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-28 17:55 . 2011-10-28 17:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-28 17:55 . 2011-10-28 17:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-28 17:55 . 2011-10-28 17:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-28 17:55 . 2011-10-28 17:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-28 17:55 . 2011-10-28 17:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-28 17:55 . 2011-10-28 17:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-29 15:43 . 2011-11-09 12:58 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-14 16:24 . 2011-10-28 17:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
R3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files\Webcam\Webcam123\dogsvc.exe [2009-09-19 164864]
S1 MpKsl9ebe6dd0;MpKsl9ebe6dd0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKsl9ebe6dd0.sys [2011-12-18 29904]
S1 MpKslc4641372;MpKslc4641372;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44F86A4-4F40-4205-B0FB-3222038B4DC8}\MpKslc4641372.sys [2011-12-18 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 176128]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 5882880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 210944]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC4641372
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
FF - ProfilePath - c:\users\prestigio\AppData\Roaming\Mozilla\Firefox\Profiles\mamaav46.default\
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-18 10:41:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 09:41
ComboFix2.txt 2011-12-18 08:39
ComboFix3.txt 2011-12-17 12:14
.
Pre-Run: 224 412 860 416 bytes free
Post-Run: 224 298 119 168 bytes free
.
- - End Of File - - EF60B5A26AFE4A5083C69B4167D2F745

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my W7 log

#12 Post by vyosek »

How is the PC behaving? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

martin1973
Visitor
Posts: 194
Joined: 13 Jan 2010 23:10

Re: Please check my W7 log

#13 Post by martin1973 »

The PC is OK, I would just like to get rid of Babylon Search in Google Chrome as well, but I don't know how?

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my W7 log

#14 Post by vyosek »

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or W7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box "For 64-bit OS" is ticked; if not, tick it
  • Tick the box "All users"
  • Tick the box "Scan for LOP"
  • Tick the box "Scan for Purity"
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box "Custom scans/fixes"
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both of them here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

martin1973
Visitor
Posts: 194
Joined: 13 Jan 2010 23:10

Re: Please check my W7 log

#15 Post by martin1973 »

Somehow OTL won't work, it keeps throwing some error
