prosím o kontrolu logu

Zpráva

ferko123 · #16 Příspěvek od **ferko123** » 29 pro 2011 17:09

ComboFix 11-12-29.04 - Michal . 12. 2011 17:01:13.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.421.1033.18.8154.6719 [GMT 1:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 16:05 . 2011-12-29 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 16:06 . 2011-12-27 16:06 -------- d-----w- c:\programdata\Malwarebytes
2011-12-27 16:06 . 2011-12-27 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-27 16:06 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 11:42 . 2011-12-27 16:07 -------- d-----w- c:\program files\trend micro
2011-12-27 11:42 . 2011-12-27 11:42 -------- d-----w- C:\rsit
2011-12-26 17:01 . 2011-12-26 17:01 -------- d-----w- c:\program files\ESET
2011-12-26 12:28 . 2011-12-26 12:28 -------- d-----w- c:\programdata\NVIDIA
2011-12-26 12:27 . 2011-12-17 20:08 6004544 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-26 12:27 . 2011-12-17 20:08 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-26 12:27 . 2011-12-17 20:08 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-26 12:27 . 2011-12-17 20:08 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-12-26 12:27 . 2011-12-17 20:08 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-26 12:27 . 2011-12-17 20:08 118080 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-26 12:27 . 2011-12-26 12:27 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-12-26 12:25 . 2011-12-26 12:27 -------- d-----w- C:\NVIDIA
2011-12-24 20:21 . 2011-12-29 11:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-24 16:34 . 2011-12-24 16:34 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-12-24 16:18 . 2011-12-24 16:18 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-12-24 16:18 . 2011-12-29 11:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-24 16:18 . 2011-12-29 11:41 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-24 16:18 . 2011-12-24 23:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-24 16:18 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-12-24 15:32 . 2010-08-06 09:47 73728 ----a-w- c:\windows\SysWow64\GX900Hook.dll
2011-12-24 15:32 . 2004-03-02 12:19 1638400 ----a-w- c:\windows\SysWow64\GDIPLUS.DLL
2011-12-24 11:58 . 2011-12-24 11:58 -------- d-----w- c:\program files (x86)\Phyxion.net
2011-12-24 11:55 . 2011-12-24 11:55 -------- d-----w- c:\program files\CCleaner
2011-12-21 18:10 . 2011-12-26 16:48 -------- d-----w- C:\Fraps
2011-12-20 19:16 . 2011-12-20 19:16 -------- d-----w- c:\windows\system32\appmgmt
2011-12-20 15:34 . 2011-12-20 15:35 -------- d-----w- c:\programdata\Solidshield
2011-12-20 15:24 . 2011-12-20 15:24 -------- d-----w- c:\programdata\EA Core
2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- c:\windows\system32\Wat
2011-12-19 10:55 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 13:48 . 2011-12-18 13:48 -------- d-sh--w- c:\programdata\SecuROM
2011-12-17 23:52 . 2011-12-24 12:15 -------- d-----w- c:\windows\Panther
2011-12-17 18:38 . 2011-12-17 18:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-17 18:36 . 2011-12-18 13:44 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 18:36 . 2011-12-17 18:36 -------- d-----w- c:\windows\SysWow64\xlive
2011-12-17 17:55 . 2011-12-18 13:32 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-12-17 17:45 . 2011-12-17 17:45 -------- d-----w- c:\program files (x86)\FinalWire
2011-12-17 17:44 . 2011-12-17 17:44 -------- d-----w- c:\program files (x86)\VideoLAN
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\system32\drivers\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-12-17 17:32 . 2011-12-17 17:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-17 17:31 . 2011-12-17 17:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-17 17:31 . 2011-12-17 17:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-17 17:30 . 2011-12-17 17:30 -------- d-----w- c:\program files (x86)\Java
2011-12-17 17:23 . 2011-12-17 17:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-17 17:19 . 2011-12-17 17:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-17 17:19 . 2011-12-17 17:19 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 17:19 . 2011-12-17 17:19 -------- d-----w- c:\program files\Java
2011-12-17 17:13 . 2011-12-17 17:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-17 17:11 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-17 17:11 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-17 17:11 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-17 17:11 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-17 17:11 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-17 17:11 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-17 17:11 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-17 17:11 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-17 17:11 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-17 17:11 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-17 17:08 . 2011-12-24 16:33 -------- d-----w- c:\programdata\Electronic Arts
2011-12-17 17:08 . 2011-12-24 15:53 -------- d-----w- c:\program files (x86)\Origin Games
2011-12-17 17:08 . 2011-12-20 15:24 -------- d-----w- c:\programdata\Origin
2011-12-17 17:08 . 2011-12-17 17:08 -------- d-----w- c:\program files (x86)\Origin
2011-12-17 17:02 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-12-17 17:02 . 2011-12-21 14:05 -------- d-----w- c:\program files (x86)\MSI Afterburner
2011-12-17 16:54 . 2011-12-17 16:54 -------- d-----w- c:\programdata\Skype
2011-12-17 16:54 . 2011-12-17 16:54 -------- d-----r- c:\program files (x86)\Skype
2011-12-17 16:52 . 2011-12-17 17:40 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-17 16:52 . 2011-12-29 15:36 -------- d-----w- c:\program files (x86)\Steam
2011-12-17 16:49 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-17 16:49 . 2010-03-24 06:59 1736608 ----a-w- c:\windows\system32\ntdll.dll
2011-12-17 16:49 . 2010-03-24 06:37 1289528 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-12-17 16:45 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-12-17 16:45 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-12-17 16:40 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-12-17 16:40 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-17 16:40 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-12-17 16:40 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-17 16:40 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-17 16:35 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-12-17 16:30 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-12-17 16:30 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-12-17 16:30 . 2009-12-11 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-12-17 16:30 . 2009-12-11 07:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-12-17 16:30 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-17 16:30 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-17 16:30 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-17 16:30 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-12-17 16:30 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-12-17 16:30 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-17 16:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-12-17 16:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-12-17 16:11 . 2011-12-17 16:11 -------- d-----w- c:\program files (x86)\AMD
2011-12-17 16:04 . 2011-12-17 16:04 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-17 15:56 . 2011-12-17 15:56 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-12-17 15:52 . 2010-11-08 13:57 14464 ----a-w- c:\windows\system32\drivers\AiChargerPlus.sys
2011-12-17 15:52 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-12-17 15:51 . 2011-12-17 15:51 -------- d-----w- c:\programdata\ASUS
2011-12-17 15:51 . 2011-12-24 15:32 -------- d-----w- c:\program files (x86)\ASUS
2011-12-17 15:51 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-12-17 15:51 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-12-17 15:51 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-12-17 15:41 . 2011-12-17 15:47 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-17 15:35 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8933E33-21EE-4EA5-B9A4-74E7716665AD}\mpengine.dll
2011-12-17 15:35 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 15:21 . 2011-12-17 15:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 15:21 . 2011-12-17 15:21 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-17 15:21 . 2011-12-17 15:21 -------- d-----w- c:\windows\system32\Macromed
2011-12-17 15:18 . 2011-03-21 13:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-12-17 15:18 . 2011-03-21 13:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-12-17 15:18 . 2011-03-21 13:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-12-17 15:17 . 2011-12-17 15:17 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2011-12-17 15:15 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxd93e.rra
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 13:45 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-18 13:45 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-17 16:06 . 2011-12-17 16:06 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-12-17 16:06 . 2011-12-17 16:06 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-10-22 11:05 . 2011-10-22 11:05 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WLMS;Windows Licensing Monitoring Service;c:\windows\system32\wlms\wlms.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-402294361-126543748-1492989729-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 15:59]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-402294361-126543748-1492989729-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-402294361-126543748-1492989729-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,60,29,e9,18,aa,45,27,c4,b0,2a,3e,e1,50,e2,19,ec,cd,ed,4a,cb,
12,3d,24,02,47,17,1c,3f,55,ca,e5,0e,b7,35,d1,c3,7e,7a,f3,48,7a,be,75,62,e2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2011-12-29 17:09:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 16:09
.
Pre-Run: 635 226 800 128 bytes free
Post-Run: 634 852 335 616 bytes free
.
- - End Of File - - 3A71F649A9DEB3B73A7B8708AA00777C

chodnik74 · #17 Příspěvek od **chodnik74** » 29 pro 2011 19:11

Otevřeme si Poznámkový blok Obrázek

(stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)

Vložíme do něj následující script:

Kód: Vybrat vše


RegLock::
[HKEY_USERS\S-1-5-21-402294361-126543748-1492989729-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Soubor uložíme na Plochu jako CFScript.txt
Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Může se stát,že po aplikaci scriptu nenaběhne Windows běžným způsobem.V tomto případě restartujte počítač a při startu mačkejte F8 a zvolte možnost Poslední známá funkční konfigurace

Malwarebytes' Anti-Malware Obrázek

Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
Objeví se vám log,který mi sem vložte
NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

ferko123 · #18 Příspěvek od **ferko123** » 29 pro 2011 19:31

ComboFix 11-12-29.04 - Michal . 12. 2011 19:25:01.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.421.1033.18.8154.6743 [GMT 1:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
Command switches used :: c:\users\Michal\Desktop\CFscript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 18:27 . 2011-12-29 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 16:06 . 2011-12-27 16:06 -------- d-----w- c:\programdata\Malwarebytes
2011-12-27 16:06 . 2011-12-27 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-27 16:06 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 11:42 . 2011-12-27 16:07 -------- d-----w- c:\program files\trend micro
2011-12-27 11:42 . 2011-12-27 11:42 -------- d-----w- C:\rsit
2011-12-26 17:01 . 2011-12-26 17:01 -------- d-----w- c:\program files\ESET
2011-12-26 12:28 . 2011-12-26 12:28 -------- d-----w- c:\programdata\NVIDIA
2011-12-26 12:27 . 2011-12-17 20:08 6004544 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-26 12:27 . 2011-12-17 20:08 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-26 12:27 . 2011-12-17 20:08 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-26 12:27 . 2011-12-17 20:08 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-12-26 12:27 . 2011-12-17 20:08 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-26 12:27 . 2011-12-17 20:08 118080 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-26 12:27 . 2011-12-26 12:27 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-12-26 12:25 . 2011-12-26 12:27 -------- d-----w- C:\NVIDIA
2011-12-24 20:21 . 2011-12-29 17:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-24 16:34 . 2011-12-24 16:34 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-12-24 16:18 . 2011-12-24 16:18 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-12-24 16:18 . 2011-12-29 17:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-24 16:18 . 2011-12-29 17:51 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-24 16:18 . 2011-12-24 23:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-24 16:18 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-12-24 16:18 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-12-24 15:32 . 2010-08-06 09:47 73728 ----a-w- c:\windows\SysWow64\GX900Hook.dll
2011-12-24 15:32 . 2004-03-02 12:19 1638400 ----a-w- c:\windows\SysWow64\GDIPLUS.DLL
2011-12-24 11:58 . 2011-12-24 11:58 -------- d-----w- c:\program files (x86)\Phyxion.net
2011-12-24 11:55 . 2011-12-24 11:55 -------- d-----w- c:\program files\CCleaner
2011-12-21 18:10 . 2011-12-26 16:48 -------- d-----w- C:\Fraps
2011-12-20 19:16 . 2011-12-20 19:16 -------- d-----w- c:\windows\system32\appmgmt
2011-12-20 15:34 . 2011-12-20 15:35 -------- d-----w- c:\programdata\Solidshield
2011-12-20 15:24 . 2011-12-20 15:24 -------- d-----w- c:\programdata\EA Core
2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- c:\windows\system32\Wat
2011-12-19 10:55 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 13:48 . 2011-12-18 13:48 -------- d-sh--w- c:\programdata\SecuROM
2011-12-17 23:52 . 2011-12-24 12:15 -------- d-----w- c:\windows\Panther
2011-12-17 18:38 . 2011-12-17 18:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-17 18:36 . 2011-12-18 13:44 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 18:36 . 2011-12-17 18:36 -------- d-----w- c:\windows\SysWow64\xlive
2011-12-17 17:55 . 2011-12-18 13:32 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-12-17 17:45 . 2011-12-17 17:45 -------- d-----w- c:\program files (x86)\FinalWire
2011-12-17 17:44 . 2011-12-17 17:44 -------- d-----w- c:\program files (x86)\VideoLAN
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\system32\drivers\sk-SK
2011-12-17 17:37 . 2011-12-17 17:37 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-12-17 17:32 . 2011-12-17 17:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-17 17:31 . 2011-12-17 17:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-17 17:31 . 2011-12-17 17:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-17 17:30 . 2011-12-17 17:30 -------- d-----w- c:\program files (x86)\Java
2011-12-17 17:23 . 2011-12-17 17:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-17 17:19 . 2011-12-17 17:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-17 17:19 . 2011-12-17 17:19 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 17:19 . 2011-12-17 17:19 -------- d-----w- c:\program files\Java
2011-12-17 17:13 . 2011-12-17 17:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-17 17:11 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-17 17:11 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-17 17:11 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-17 17:11 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-17 17:11 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-17 17:11 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-17 17:11 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-17 17:11 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-17 17:11 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-17 17:11 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-17 17:08 . 2011-12-24 16:33 -------- d-----w- c:\programdata\Electronic Arts
2011-12-17 17:08 . 2011-12-24 15:53 -------- d-----w- c:\program files (x86)\Origin Games
2011-12-17 17:08 . 2011-12-20 15:24 -------- d-----w- c:\programdata\Origin
2011-12-17 17:08 . 2011-12-17 17:08 -------- d-----w- c:\program files (x86)\Origin
2011-12-17 17:02 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-12-17 17:02 . 2011-12-21 14:05 -------- d-----w- c:\program files (x86)\MSI Afterburner
2011-12-17 16:54 . 2011-12-17 16:54 -------- d-----w- c:\programdata\Skype
2011-12-17 16:54 . 2011-12-17 16:54 -------- d-----r- c:\program files (x86)\Skype
2011-12-17 16:52 . 2011-12-17 17:40 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-17 16:52 . 2011-12-29 18:22 -------- d-----w- c:\program files (x86)\Steam
2011-12-17 16:49 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-17 16:49 . 2010-03-24 06:59 1736608 ----a-w- c:\windows\system32\ntdll.dll
2011-12-17 16:49 . 2010-03-24 06:37 1289528 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-12-17 16:45 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-12-17 16:45 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-12-17 16:40 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-12-17 16:40 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-17 16:40 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-12-17 16:40 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-17 16:40 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-17 16:35 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-12-17 16:30 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-12-17 16:30 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-12-17 16:30 . 2009-12-11 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-12-17 16:30 . 2009-12-11 07:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-12-17 16:30 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-17 16:30 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-17 16:30 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-17 16:30 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-12-17 16:30 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-12-17 16:30 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-17 16:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-12-17 16:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-12-17 16:11 . 2011-12-17 16:11 -------- d-----w- c:\program files (x86)\AMD
2011-12-17 16:04 . 2011-12-17 16:04 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-17 15:56 . 2011-12-17 15:56 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-12-17 15:52 . 2010-11-08 13:57 14464 ----a-w- c:\windows\system32\drivers\AiChargerPlus.sys
2011-12-17 15:52 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-12-17 15:51 . 2011-12-17 15:51 -------- d-----w- c:\programdata\ASUS
2011-12-17 15:51 . 2011-12-24 15:32 -------- d-----w- c:\program files (x86)\ASUS
2011-12-17 15:51 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-12-17 15:51 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-12-17 15:51 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-12-17 15:41 . 2011-12-17 15:47 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-17 15:35 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8933E33-21EE-4EA5-B9A4-74E7716665AD}\mpengine.dll
2011-12-17 15:35 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 15:21 . 2011-12-17 15:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 15:21 . 2011-12-17 15:21 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-17 15:21 . 2011-12-17 15:21 -------- d-----w- c:\windows\system32\Macromed
2011-12-17 15:18 . 2011-03-21 13:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-12-17 15:18 . 2011-03-21 13:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-12-17 15:18 . 2011-03-21 13:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-12-17 15:17 . 2011-12-17 15:17 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2011-12-17 15:15 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxd93e.rra
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 13:45 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-18 13:45 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-17 16:06 . 2011-12-17 16:06 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-12-17 16:06 . 2011-12-17 16:06 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-10-22 11:05 . 2011-10-22 11:05 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-29_16.07.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-17 15:13 . 2011-12-29 16:08 27576 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-29 16:08 34298 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-17 15:13 . 2011-12-29 16:08 8474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-402294361-126543748-1492989729-1000_UserData.bin
- 2011-12-29 16:06 . 2011-12-29 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 18:28 . 2011-12-29 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-29 16:06 . 2011-12-29 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-29 18:28 . 2011-12-29 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-12-29 16:10 651450 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-29 15:41 651450 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-29 16:10 120382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-29 15:41 120382 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-29 16:05 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-29 18:27 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-17 16:31 . 2011-12-29 18:27 2066520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-402294361-126543748-1492989729-1000-8192.dat
- 2011-12-17 16:31 . 2011-12-29 16:05 2066520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-402294361-126543748-1492989729-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WLMS;Windows Licensing Monitoring Service;c:\windows\system32\wlms\wlms.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-402294361-126543748-1492989729-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 15:59]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-402294361-126543748-1492989729-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-402294361-126543748-1492989729-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,60,29,e9,18,aa,45,27,c4,b0,2a,3e,e1,50,e2,19,ec,cd,ed,4a,cb,
12,3d,24,02,47,17,1c,3f,55,ca,e5,0e,b7,35,d1,c3,7e,7a,f3,48,7a,be,75,62,e2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2011-12-29 19:30:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 18:30
ComboFix2.txt 2011-12-29 16:09
.
Pre-Run: 634 800 414 720 bytes free
Post-Run: 634 745 135 104 bytes free
.
- - End Of File - - E3C6E208A71FF4190008BC542242991E

chodnik74 · #19 Příspěvek od **chodnik74** » 29 pro 2011 21:57

Pokračujte Malwarebytes..

ferko123 · #20 Příspěvek od **ferko123** » 30 pro 2011 14:00

nič nenašlo

chodnik74 · #21 Příspěvek od **chodnik74** » 30 pro 2011 14:15

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter

OTC

Spustíme,zmáčkneme CleanUp a potvrdíme YES Program uklidí a následně restartuje

T-Cleaner

Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
po použití T-Cleaner smažte

TFC

Stáhneme a spustíme program
Klikneme na Start a potvrdíme OK
Program začne uklízet,poté restartuje pc
po použití program smažte

Jak se chová počítač?

ferko123 · #22 Příspěvek od **ferko123** » 30 pro 2011 14:25

safe mod stále nejde

chodnik74 · #23 Příspěvek od **chodnik74** » 30 pro 2011 14:30

Jinak žádné problémy nejsou? Napadlo mě.. co zkusit pomocí instal. cd opravu spuštění?

Oprava systému Windows 7

ferko123 · #24 Příspěvek od **ferko123** » 30 pro 2011 14:36

skúsil som opravu mbr a nepomohla

chodnik74 · #25 Příspěvek od **chodnik74** » 30 pro 2011 14:43

MBR nemá s nouzovým režimem nic společného.. Zkoušel jste to podle toho návodu, Oprava spouštění systému ? Pohledám zatím alternativní opravu nouzového režimu, když vám nejsou naše utility, nejspíše je to edicí OS

ferko123 · #26 Příspěvek od **ferko123** » 30 pro 2011 17:55

edicí OS asi ťažko lebo ide o originál

chodnik74 · #27 Příspěvek od **chodnik74** » 30 pro 2011 18:26

to je sice pravda, ale enterprise je nedostupná verze běžným uživatelům...

http://www.viry.cz/forum/viewtopic.php?f=46&t=40338

jinak by vám jedna z utilit pomohla

VIRY.CZ

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu