Hello.
I wanted to ask whether it is possible for someone else to control my computer over the internet without my noticing any change to the system (a virus, a foreign program, etc.). I suspect that someone is controlling my notebook remotely and sees exactly what I am doing. It moves the mouse where I don't want it and prevents me from disconnecting from the internet. Thanks for any answers. OS: Win 7.

Infected notebook, controlled from another PC
Moderator: Moderators
Re: Infected notebook, controlled from another PC
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning your computer of viruses
Want to support our forum? Information here

I am reachable mostly at night, between 9 and 11 p.m.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Infected notebook, controlled from another PC
Thanks for the lightning-fast response.
Logfile of random's system information tool 1.09 (written by random/random)
Run by dell at 2012-03-12 23:12:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 112 GB (74%) free of 153 GB
Total RAM: 3574 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:12:33, on 12.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dell\Downloads\RSIT.exe
C:\Program Files\trend micro\dell.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/ ... emLite.CAB
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: NIHardwareService - Unknown owner - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 4294 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2010-03-16 644104]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-03-12 23:12:22 ----D---- C:\Program Files\trend micro
2012-03-12 23:12:21 ----D---- C:\rsit
2012-03-12 21:18:04 ----SHD---- C:\Config.Msi
2012-03-10 23:00:44 ----A---- C:\Windows\system32\ReWire.dll
2012-03-10 21:52:25 ----D---- C:\Program Files\VirtualDJ
2012-03-10 20:36:02 ----D---- C:\Program Files\Common Files\Native Instruments
2012-03-10 20:35:58 ----D---- C:\ProgramData\Native Instruments
2012-03-10 18:06:53 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-03-10 18:01:52 ----D---- C:\Program Files\Adobe Media Player
2012-03-10 17:59:45 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-03-10 17:59:42 ----D---- C:\Program Files\Adobe
2012-03-10 17:58:43 ----D---- C:\ProgramData\Adobe
2012-03-10 17:56:04 ----D---- C:\Program Files\Common Files\Adobe
2012-03-09 07:18:17 ----D---- C:\Users\dell\AppData\Roaming\M-Audio
2012-03-08 08:05:32 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-03-08 08:05:32 ----A---- C:\Windows\system32\x3daudio1_2.dll
2012-03-08 08:05:31 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-03-08 08:05:31 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-03-08 08:05:30 ----A---- C:\Windows\system32\xinput1_3.dll
2012-03-08 08:05:30 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-03-08 08:05:29 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-03-08 08:05:28 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-03-08 08:05:28 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-03-08 08:05:28 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-03-08 08:05:27 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-03-08 08:05:25 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-03-08 08:05:25 ----A---- C:\Windows\system32\d3dx10.dll
2012-03-08 08:05:24 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-03-08 08:05:24 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-03-08 08:05:24 ----A---- C:\Windows\system32\d3dx9_32.dll
2012-03-08 08:05:23 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-03-08 08:05:22 ----A---- C:\Windows\system32\xinput1_2.dll
2012-03-08 08:05:22 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-03-08 08:05:21 ----A---- C:\Windows\system32\xinput1_1.dll
2012-03-08 08:05:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-03-08 08:05:20 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-03-08 08:05:09 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-03-08 08:05:08 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-03-08 08:05:08 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-03-08 08:05:07 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-03-08 08:05:07 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-03-08 08:05:06 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-03-08 08:05:05 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-03-08 08:05:04 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-03-08 08:05:04 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-03-08 07:54:41 ----D---- C:\Program Files\FlatOut2
2012-03-07 23:04:08 ----D---- C:\ProgramData\TOSHIBA
2012-03-07 22:01:37 ----D---- C:\ProgramData\Pinnacle
2012-03-07 13:34:06 ----D---- C:\Program Files\7-Zip
2012-03-06 22:46:52 ----D---- C:\Program Files\PlayReady
2012-03-06 22:44:44 ----A---- C:\Windows\system32\AF15BDAEX.dll
2012-03-06 22:44:40 ----A---- C:\Windows\system32\drivers\AF15BDA.sys
2012-03-06 22:33:32 ----D---- C:\Program Files\M-Audio
2012-03-06 13:31:55 ----D---- C:\Windows\system32\Lang
2012-03-06 13:31:55 ----A---- C:\Windows\system32\TVWizudlg.exe
2012-03-06 13:31:55 ----A---- C:\Windows\system32\igfxtvcx.dll
2012-03-06 13:31:54 ----D---- C:\Program Files\Intel
2012-03-06 13:23:42 ----D---- C:\Intel
2012-03-06 13:20:36 ----D---- C:\dell
2012-03-06 13:14:05 ----D---- C:\Windows\system32\x64
2012-03-06 13:14:05 ----A---- C:\Windows\system32\igxpun.exe
2012-03-06 12:57:11 ----D---- C:\Program Files\Microsoft Security Client
2012-03-05 16:38:18 ----D---- C:\Windows\Minidump
2012-03-02 20:14:55 ----A---- C:\Windows\system32\drivers\SL2Usb.sys
2012-03-02 20:13:45 ----SHD---- C:\Windows\Installer
2012-03-02 20:13:42 ----D---- C:\Windows\Downloaded Installations
2012-03-02 17:09:02 ----D---- C:\music
2012-02-13 16:46:54 ----N---- C:\Windows\system32\MpSigStub.exe
2012-02-13 16:31:30 ----D---- C:\Users\dell\AppData\Roaming\Macromedia
2012-02-13 16:31:28 ----D---- C:\Users\dell\AppData\Roaming\Adobe
2012-02-13 16:31:22 ----D---- C:\Windows\system32\Macromed
======List of files/folders modified in the last 1 month======
2012-03-12 23:12:22 ----RD---- C:\Program Files
2012-03-12 23:11:55 ----D---- C:\Windows\Temp
2012-03-12 22:31:01 ----D---- C:\Windows\System32
2012-03-12 22:31:01 ----D---- C:\Windows\inf
2012-03-12 22:31:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-12 16:22:42 ----D---- C:\Windows\system32\config
2012-03-12 16:12:56 ----SD---- C:\Users\dell\AppData\Roaming\Microsoft
2012-03-12 16:12:29 ----D---- C:\Windows\winsxs
2012-03-12 16:11:12 ----SHD---- C:\System Volume Information
2012-03-11 00:31:58 ----D---- C:\Windows\system32\NDF
2012-03-10 23:14:10 ----HD---- C:\ProgramData
2012-03-10 23:13:17 ----D---- C:\Windows\system32\catroot
2012-03-10 23:13:16 ----D---- C:\Windows\system32\DriverStore
2012-03-10 22:27:56 ----D---- C:\Windows\system32\FxsTmp
2012-03-10 21:52:59 ----RSD---- C:\Windows\Fonts
2012-03-10 21:46:24 ----D---- C:\Program Files\Common Files
2012-03-10 16:51:44 ----D---- C:\Windows\Prefetch
2012-03-10 11:46:47 ----D---- C:\Windows\system32\catroot2
2012-03-10 06:52:17 ----D---- C:\Windows
2012-03-09 13:29:59 ----D---- C:\Windows\Tasks
2012-03-09 13:29:59 ----D---- C:\Windows\system32\Tasks
2012-03-09 07:35:14 ----D---- C:\Windows\system32\wdi
2012-03-08 10:42:48 ----D---- C:\Windows\system32\LogFiles
2012-03-08 08:05:20 ----RSD---- C:\Windows\assembly
2012-03-08 08:05:11 ----D---- C:\Windows\Microsoft.NET
2012-03-07 23:14:32 ----D---- C:\Windows\Downloaded Program Files
2012-03-07 22:52:37 ----D---- C:\Windows\system32\drivers
2012-03-07 11:05:29 ----SHD---- C:\$Recycle.Bin
2012-03-07 11:05:17 ----RD---- C:\Users
2012-03-06 22:46:52 ----SD---- C:\ProgramData\Microsoft
2012-03-02 17:08:04 ----D---- C:\Windows\system32\drivers\UMDF
2012-02-13 16:45:48 ----D---- C:\Windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2012-03-06 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU; C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2010-03-16 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv; C:\Windows\system32\DRIVERS\MAudioConectiv.sys [2010-03-16 158344]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SL2Usb;SL2 Driver; C:\Windows\System32\Drivers\SL2Usb.sys [2011-09-13 46200]
S3 SL2UsbNoSSL;SL2 Driver No SSL; C:\Windows\System32\Drivers\SL2UsbNoSSL.sys [2011-09-13 46200]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
S3 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe []
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2012-03-06 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU; C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2010-03-16 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv; C:\Windows\system32\DRIVERS\MAudioConectiv.sys [2010-03-16 158344]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SL2Usb;SL2 Driver; C:\Windows\System32\Drivers\SL2Usb.sys [2011-09-13 46200]
S3 SL2UsbNoSSL;SL2 Driver No SSL; C:\Windows\System32\Drivers\SL2UsbNoSSL.sys [2011-09-13 46200]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
S3 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe []
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
Re: Compromised notebook, controlled from another PC
Is the system legal?
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon and run it
- choose the Start scan option - then confirm the start of the scan
- if the program finds an infected file, the default action Cure will be shown; in that case confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not require a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log does not appear, it is saved in your root directory.
Do not use COMBOFIX without a helper's recommendation, it may damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me at the email Motji(zavináč)forum.viry.cz.
Re: Compromised notebook, controlled from another PC
The system looks legal: it is activated and the little blue brick is there. I recently bought the notebook in this state over the internet. It has no license sticker. TDSSKiller found nothing.
Re: Compromised notebook, controlled from another PC
Re: Compromised notebook, controlled from another PC
ComboFix 12-03-12.03 - dell 13.03.2012 6:57.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3574.2649 [GMT 1:00]
Spuštěný z: c:\users\dell\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 06:10 . 2012-03-13 06:10 -------- d-----w- c:\users\dell\AppData\Local\temp
2012-03-13 06:10 . 2012-03-13 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 22:12 . 2012-03-12 22:12 -------- d-----w- c:\program files\trend micro
2012-03-12 22:12 . 2012-03-12 22:12 -------- d-----w- C:\rsit
2012-03-12 13:52 . 2012-02-07 21:03 6552120 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AC9F215-73E3-41D7-93B3-C75ED1626C3F}\mpengine.dll
2012-03-10 22:00 . 2007-03-26 07:12 368640 ----a-w- c:\windows\system32\ReWire.dll
2012-03-10 20:52 . 2012-03-10 21:01 -------- d-----w- c:\program files\VirtualDJ
2012-03-10 19:36 . 2012-03-10 20:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-03-10 19:35 . 2012-03-10 20:26 -------- d-----w- c:\programdata\Native Instruments
2012-03-10 17:06 . 2012-03-10 17:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-10 17:01 . 2012-03-10 17:01 -------- d-----w- c:\program files\Adobe Media Player
2012-03-10 16:59 . 2012-03-10 16:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-03-10 16:56 . 2012-03-12 15:12 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-10 16:52 . 2012-03-12 15:12 -------- d-----w- c:\users\dell\AppData\Local\Adobe
2012-03-09 06:18 . 2012-03-09 06:18 -------- d-----w- c:\users\dell\AppData\Roaming\M-Audio
2012-03-08 12:12 . 2012-03-08 12:12 -------- d-----w- c:\users\dell\AppData\Local\Diagnostics
2012-03-08 06:54 . 2012-03-08 07:01 -------- d-----w- c:\program files\FlatOut2
2012-03-07 22:04 . 2012-03-09 07:08 -------- d-----w- c:\programdata\TOSHIBA
2012-03-07 22:02 . 2012-03-07 22:02 -------- d-----w- c:\users\dell\AppData\Local\Toshiba
2012-03-07 21:09 . 2012-02-07 21:03 6552120 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-07 21:01 . 2012-03-07 21:01 -------- d-----w- c:\programdata\Pinnacle
2012-03-07 12:34 . 2012-03-07 12:34 -------- d-----w- c:\program files\7-Zip
2012-03-07 10:05 . 2012-03-07 10:05 -------- d-----w- c:\users\Jomana Hjubá
2012-03-06 21:46 . 2012-03-06 21:46 -------- d-----w- c:\program files\PlayReady
2012-03-06 21:44 . 2012-03-06 21:44 245 ----a-w- c:\windows\system32\AF15IRTBL.bin
2012-03-06 21:44 . 2012-03-06 21:44 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2012-03-06 21:33 . 2012-03-10 22:00 -------- d-----w- c:\program files\M-Audio
2012-03-06 12:31 . 2012-03-06 12:31 -------- d-----w- c:\windows\system32\Lang
2012-03-06 12:31 . 2009-09-23 10:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2012-03-06 12:31 . 2009-09-23 10:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2012-03-06 12:31 . 2012-03-06 12:31 -------- d-----w- c:\program files\Intel
2012-03-06 12:23 . 2012-03-06 12:23 -------- d-----w- C:\Intel
2012-03-06 12:20 . 2012-03-06 12:20 -------- d-----w- C:\dell
2012-03-06 12:14 . 2012-03-06 12:14 -------- d-----w- c:\windows\system32\x64
2012-03-06 12:14 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-03-06 12:03 . 2012-03-06 12:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E6093FB-BEA0-4167-8D2C-E2D585F35D5D}\gapaengine.dll
2012-03-06 12:00 . 2012-03-06 12:01 -------- d-----w- c:\users\dell\AppData\Local\Google
2012-03-06 11:59 . 2012-03-06 11:59 -------- d-----w- c:\users\dell\AppData\Local\Apps
2012-03-06 11:59 . 2012-03-06 12:00 -------- d-----w- c:\users\dell\AppData\Local\Deployment
2012-03-06 11:57 . 2012-03-06 11:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-02 19:14 . 2011-09-13 11:48 46200 ----a-w- c:\windows\system32\drivers\SL2Usb.sys
2012-03-02 19:13 . 2012-03-12 20:19 -------- d-sh--w- c:\windows\Installer
2012-03-02 19:13 . 2012-03-02 19:13 -------- d-----w- c:\windows\Downloaded Installations
2012-03-02 16:09 . 2012-03-07 21:34 -------- d-----w- C:\music
2012-02-13 15:46 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 15:46 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2069BF7-2C93-421B-AC2F-F118CC48DA50}\mpengine.dll
2012-02-13 15:31 . 2012-03-12 18:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 15:31 . 2012-02-13 15:31 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-03-16 644104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2010-03-16 42248]
R3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2010-03-16 158344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SL2Usb;SL2 Driver;c:\windows\system32\Drivers\SL2Usb.sys [2011-09-13 46200]
R3 SL2UsbNoSSL;SL2 Driver No SSL;c:\windows\system32\Drivers\SL2UsbNoSSL.sys [2011-09-13 46200]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1000Core.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 12:00]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-521157358-41544738-843639662-1000UA.job
- c:\users\dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 12:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-03-13 07:14:57
ComboFix-quarantined-files.txt 2012-03-13 06:14
.
Před spuštěním: Volných bajtů: 117 854 806 016
Po spuštění: Volných bajtů: 117 678 407 680
.
- - End Of File - - 619F4ED96C7ECB11CB47F99DD90FF414
Re: Compromised notebook, controlled from another PC
How does it look after using ComboFix?