Live security platinum

Zpráva

matob · #1 Příspěvek od **matob** » 31 črc 2012 12:42

Zdravim vas,

mam problem s odstranenim "antivirusu" Live security platinum. Vcera som behal po nete a s googla som sa dostal na neznamu stranku, kde sa mi do PC (ani neviem ako) stiahol "antivir" Live security platinum. Eset mi sice ohlasil, ze stranka je zavirena, okamzite som preto zavrel prehliadac, no hned nato mi vyskocilo okno toho "antiviru" a zacalo hladat v PC virusy, naslo ich asi 30 a od vtedy mi neislo spustit ani internet ani mail a ani ziadny program. Cez NB som zistil na nete, ze sa nejedna o antivirus ale ze program je sam vir. Preto som ho chcel odstranit s PC - nejde ani cez tento pocitac odstranenim programu, ani vymazat cez ESET (ESET mi po kontrole PC hlasi 1 infiltraciu najdenu a aj vyliecenu no po dalsej smart konrole PC mi ju hlasi opat) Jedine co mi pomohlo je zadanie reg. cisla ktore som nasiel na internete na vypnutie hlaseni, avsak vir v PC stale ostal. Viete mi poradit ako ho uplne odstranit. Uz od vcera sa s tym babrem a nic nepomaha.

dakujem za pomoc

#2 Příspěvek od **vyosek** » 31 črc 2012 13:20

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/gr ... /rkill.exe

Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
Na plose vznikne log Rkill.txt ten mi sem vlozte
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

matob · #3 Příspěvek od **matob** » 31 črc 2012 13:46

Zdravim Vas,

link na ten prvy program RKill nefunguje pise mi 404 - Not Found

#4 Příspěvek od **vyosek** » 31 črc 2012 17:02

Omlouvam se, kolegove z BC jiz jej dalil na standardni download

Takze jej stahnete odsud http://download.bleepingcomputer.com/grinler/rkill.com ci http://download.bleepingcomputer.com/grinler/rkill.exe

matob · #5 Příspěvek od **matob** » 31 črc 2012 18:40

Pripájam logy:

Rkill
Rkill by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/31/2012 07:31:28 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\DAODx.exe (PID: 1772) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/31/2012 07:31:47 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

RogueKiller

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ: Mato [Práva Správcu]
Režim: Kontrola -- Dátum: 07/31/2012 19:35:59

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 5 ¤¤¤
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00E4A0 ATA Device +++++
--- User ---
[MBR] 4b59bd1d15a0f90646c571c8c6c3acba
[BSP] cc034279497eb46786413160f3ab4652 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2012-07-31 19:37:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 321 GB (67%) free of 477 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:07, on 31/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\trend micro\Mato.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_354A05B57A4B504E6661C4A15ED5CBC2] "C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-21-2946608544-2022577908-253706971-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2946608544-2022577908-253706971-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15316 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {EA313275-19CC-46C8-977F-D6A2C43CBC14}
"C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\ASUS.SYS\config\DVMExportService.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance
"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
"C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2864
"C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2448.0.668373209\1730579011" /prefetch:3
"C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2448.1.1599296934\128004573" --ignored=" --type=renderer " /prefetch:12
"nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance
"C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/INSTANT/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2448.2.787892722\1563991481" /prefetch:3
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4100 series#1316533906" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\AUDIODG.EXE 0x898
"C:\Windows\explorer.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4776.150122e0.266558823 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4776 "\\.\pipe\gecko-crash-server-pipe.4776" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe" --proxy-stub-channel=Flash5652.6341EE30.41 --host-broker-channel=Flash5652.6341EE30.18467 --host-pid=5652 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe" --channel=6424.0029F2FC.180414214 --proxy-stub-channel=Flash5652.6341EE30.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll" --host-npapi-version=27 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Mato\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\hp7w34yb.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7Bfd ... &sap=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Zásvuný modul iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdivx32.dll
npdivx32.xpt
npwachk.dll
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\hp7w34yb.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"fssui"=C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [2012-03-08 884584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Google Update"=C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 116648]
"GoogleChromeAutoLaunch_354A05B57A4B504E6661C4A15ED5CBC2"=C:\Users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe [2012-07-10 1250328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 336384]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-03-15 2369536]
"TurboV EVO"=C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [2010-07-15 9936512]
"Six Engine"=C:\Program Files (x86)\ASUS\EPU\EPU.exe [2010-03-16 5309056]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-26 375000]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-12-02 74752]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-09-02 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2012-07-31 19:03:02 ----D---- C:\Program Files (x86)\DivX
2012-07-30 22:39:35 ----D---- C:\ProgramData\Kaspersky Lab
2012-07-30 21:19:09 ----D---- C:\ProgramData\7531E8D90008F2410000F319F875F002
2012-07-29 18:12:11 ----D---- C:\Program Files (x86)\AAALOGO
2012-07-29 14:49:45 ----A---- C:\Windows\iun6002.exe
2012-07-29 14:48:27 ----D---- C:\Program Files (x86)\WYSIWYG Web Builder 8
2012-07-29 14:48:15 ----A---- C:\Windows\WYSIWYG Web Builder 8 Setup Log.txt
2012-07-29 14:41:28 ----D---- C:\Program Files (x86)\Default Company Name
2012-07-23 22:42:26 ----D---- C:\Users\Mato\AppData\Roaming\Common
2012-07-23 22:42:25 ----D---- C:\Jazler Database Backups
2012-07-23 22:39:28 ----A---- C:\Windows\SYSWOW64\SmartSubClass.dll
2012-07-23 22:39:28 ----A---- C:\Windows\SYSWOW64\MSDBRPTR.DLL
2012-07-23 22:39:28 ----A---- C:\Windows\SYSWOW64\hasp_windows_66147.dll
2012-07-23 22:39:28 ----A---- C:\Windows\SYSWOW64\ccrpTmr6.dll
2012-07-23 22:39:28 ----A---- C:\Windows\SYSWOW64\AudioGenie2.dll
2012-07-23 22:39:27 ----A---- C:\Windows\SYSWOW64\MSBIND.DLL
2012-07-23 22:39:26 ----A---- C:\Windows\SYSWOW64\MSDERUN.DLL
2012-07-23 22:39:26 ----A---- C:\Windows\SYSWOW64\actrpt2.dll
2012-07-23 22:39:20 ----D---- C:\Jazler RadioStar 2 Demo
2012-07-21 19:33:57 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-07-21 19:31:24 ----D---- C:\Program Files\Microsoft SQL Server
2012-07-21 19:31:18 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2012-07-21 19:05:03 ----D---- C:\IExp1.tmp
2012-07-21 19:04:56 ----D---- C:\Windows\RegisteredPackages
2012-07-21 19:04:56 ----D---- C:\IExp0.tmp
2012-07-21 19:04:55 ----HD---- C:\Windows\msdownld.tmp
2012-07-21 19:04:54 ----D---- C:\Program Files (x86)\Windows Media Components
2012-07-21 19:04:31 ----D---- C:\MEGAMIX
2012-07-21 17:23:28 ----D---- C:\Program Files (x86)\VirtualDJ
2012-07-21 15:04:20 ----D---- C:\Program Files (x86)\Winamp Detect
2012-07-21 15:04:00 ----D---- C:\Users\Mato\AppData\Roaming\Winamp
2012-07-21 15:04:00 ----D---- C:\Program Files (x86)\Winamp
2012-07-20 21:05:38 ----D---- C:\Program Files (x86)\RadioDJ
2012-07-20 20:49:38 ----D---- C:\Program Files\SHOUTcast
2012-07-20 17:12:53 ----D---- C:\ProgramData\firebird
2012-07-15 13:49:00 ----D---- C:\Program Files (x86)\StationPlaylist
2012-07-14 21:11:10 ----A---- C:\Windows\SYSWOW64\GDS32.DLL
2012-07-14 21:10:53 ----D---- C:\Program Files (x86)\Firebird
2012-07-14 21:10:47 ----D---- C:\Program Files (x86)\SpacialAudio
2012-07-13 22:16:21 ----D---- C:\Program Files (x86)\CamStudio 2.6b
2012-07-12 21:50:20 ----HD---- C:\ProgramData\UZC
2012-07-12 21:50:03 ----D---- C:\Program Files (x86)\Ultimate ZIP Cracker II Evaluation
2012-07-11 21:09:42 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 21:06:59 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 21:06:59 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 21:06:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 21:06:58 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 21:06:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 21:06:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 21:06:58 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 21:06:58 ----A---- C:\Windows\system32\url.dll
2012-07-11 21:06:58 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 21:06:58 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 21:06:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 21:06:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 21:06:57 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 21:06:57 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 21:06:57 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 21:06:56 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 21:06:56 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 21:06:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 21:06:56 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 21:06:56 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 21:06:55 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 21:06:54 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 21:06:54 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 21:06:53 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 19:17:02 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 19:17:02 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 19:17:02 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 19:17:02 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 19:17:02 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 19:17:02 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 19:17:01 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 19:16:59 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 19:16:57 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 19:16:57 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 19:16:57 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 19:16:57 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 19:16:57 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 19:16:57 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 19:16:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 19:16:57 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 19:16:57 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 19:16:55 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 19:16:54 ----A---- C:\Windows\system32\cdosys.dll
2012-07-10 22:15:46 ----HDC---- C:\ProgramData\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
2012-07-08 12:32:27 ----D---- C:\Users\Mato\AppData\Roaming\Dropbox
2012-07-03 18:13:13 ----A---- C:\Windows\system32\browserchoice.exe

======List of files/folders modified in the last 1 month======

2012-07-31 19:37:07 ----D---- C:\Program Files\trend micro
2012-07-31 19:33:34 ----D---- C:\Windows\Prefetch
2012-07-31 19:33:09 ----D---- C:\Windows\temp
2012-07-31 19:11:32 ----D---- C:\Users\Mato\AppData\Roaming\FileZilla
2012-07-31 19:03:07 ----SHD---- C:\Windows\Installer
2012-07-31 19:03:07 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-07-31 19:03:07 ----D---- C:\Config.Msi
2012-07-31 19:03:03 ----D---- C:\Program Files (x86)\Common Files
2012-07-31 19:03:02 ----RD---- C:\Program Files (x86)
2012-07-31 09:34:29 ----D---- C:\Windows\system32\drivers
2012-07-31 00:53:25 ----D---- C:\Windows\system32\config
2012-07-30 23:02:39 ----D---- C:\Windows\system32\LogFiles
2012-07-30 22:39:41 ----SHD---- C:\System Volume Information
2012-07-30 22:39:35 ----D---- C:\ProgramData
2012-07-29 22:59:34 ----D---- C:\Program Files (x86)\SIGTrader 4
2012-07-29 14:49:45 ----D---- C:\Windows
2012-07-23 22:39:28 ----D---- C:\Windows\SysWOW64
2012-07-23 22:39:21 ----RSD---- C:\Windows\Fonts
2012-07-23 22:39:20 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-07-22 23:04:49 ----RSD---- C:\Windows\assembly
2012-07-22 23:04:44 ----D---- C:\Windows\inf
2012-07-22 23:04:08 ----D---- C:\Windows\Registration
2012-07-22 23:03:48 ----D---- C:\Windows\System32
2012-07-22 20:50:14 ----D---- C:\Program Files (x86)\yBook
2012-07-22 08:58:47 ----D---- C:\Windows\system32\catroot2
2012-07-21 19:32:47 ----D---- C:\Windows\winsxs
2012-07-21 19:32:38 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-07-21 19:31:24 ----RD---- C:\Program Files
2012-07-21 19:05:04 ----D---- C:\Windows\system32\catroot
2012-07-21 19:05:03 ----D---- C:\Windows\system32\DriverStore
2012-07-20 15:14:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-19 19:35:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-07-14 17:51:51 ----D---- C:\Users\Mato\AppData\Roaming\PSpad
2012-07-14 13:54:22 ----D---- C:\Windows\Tasks
2012-07-14 13:54:22 ----D---- C:\Windows\system32\Tasks
2012-07-12 15:57:29 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-12 15:42:21 ----D---- C:\Windows\SYSWOW64\migration
2012-07-12 15:42:21 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-12 15:42:20 ----D---- C:\Windows\system32\migration
2012-07-12 15:42:20 ----D---- C:\Program Files\Internet Explorer
2012-07-11 21:09:13 ----D---- C:\ProgramData\Microsoft Help
2012-07-11 21:07:39 ----A---- C:\Windows\system32\MRT.exe
2012-07-11 20:17:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-10 22:15:48 ----D---- C:\Program Files (x86)\MusicJet
2012-07-02 22:42:39 ----D---- C:\Program Files (x86)\SpeedFan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-11 115824]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-12-10 33344]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [2011-09-26 21504]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [2012-01-25 9690112]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Dakujem za odpoved

#6 Příspěvek od **vyosek** » 31 črc 2012 19:18

Nedavejte prosim logy do code - spatne se to lusti a boli z toho oci

Na ESET Smart Security mate zakoupenou licenci

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

C:\Windows\DAODx.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

matob · #7 Příspěvek od **matob** » 31 črc 2012 19:34

OK nabuduce teda bez code

ESET je plna licencia original (ziadny crack an inic podobne) to iste plati aj pre windows a aj vsetok soft. v PC mam original resp GPL

preposielam url po analyze: https://www.virustotal.com/file/f44d0a7 ... 343759435/

#8 Příspěvek od **vyosek** » 31 črc 2012 19:38

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

matob · #9 Příspěvek od **matob** » 31 črc 2012 20:22

pripajam log s Combofix. Nakolko sa sem subr nezmestil nakolko obsahuje cez 300 tisic znakov je ulozeny v dokumentoch google pripajam teda link: https://docs.google.com/document/d/1LuA ... MIduA/edit

V pripade, ze chcete nahrat na iny server dajte vediet.

Dakujem

#10 Příspěvek od **vyosek** » 31 črc 2012 20:25

Ja si sem log vlozim bez casti SnapShot

ComboFix 12-07-30.03 - Mato 31/07/2012 20:57:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2701 [GMT 2:00]
Running from: c:\users\Mato\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum Support Site.url
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Uninstall.lnk
c:\users\Mato\Desktop\Setup.exe
c:\windows\iun6002.exe
c:\windows\msxml4-KB2721691-enu.LOG
c:\windows\SysWow64\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 19:01 . 2012-07-31 19:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 19:01 . 2012-07-31 19:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-31 19:01 . 2012-07-31 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 17:03 . 2012-07-31 17:03 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-31 17:03 . 2012-07-31 17:03 -------- d-----w- c:\program files (x86)\DivX
2012-07-30 20:39 . 2012-07-30 20:39 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-30 19:19 . 2012-07-30 20:19 -------- d-----w- c:\programdata\7531E8D90008F2410000F319F875F002
2012-07-29 16:12 . 2012-07-29 16:12 -------- d-----w- c:\program files (x86)\AAALOGO
2012-07-29 12:48 . 2012-07-29 12:49 -------- d-----w- c:\program files (x86)\WYSIWYG Web Builder 8
2012-07-29 12:41 . 2012-07-29 12:41 -------- d-----w- c:\program files (x86)\Default Company Name
2012-07-27 12:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{694D3B85-D162-41ED-93F1-42ECD953025E}\mpengine.dll
2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- c:\users\Mato\AppData\Roaming\Common
2012-07-23 20:42 . 2012-07-28 19:58 -------- d-----w- C:\Jazler Database Backups
2012-07-21 17:31 . 2012-07-21 17:32 -------- d-----w- c:\program files\Microsoft SQL Server
2012-07-21 17:31 . 2012-07-22 21:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-07-21 17:05 . 2012-07-21 17:05 -------- d-----w- C:\IExp1.tmp
2012-07-21 17:04 . 2012-07-21 17:05 -------- d-----w- C:\IExp0.tmp
2012-07-21 17:04 . 2012-07-21 17:05 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-21 17:04 . 2012-07-21 17:04 -------- d-----w- c:\program files (x86)\Windows Media Components
2012-07-21 17:04 . 2012-07-22 18:48 -------- d-----w- C:\MEGAMIX
2012-07-21 17:04 . 2012-07-21 17:04 -------- d-----w- c:\users\Mato\AppData\Local\Seven Zip
2012-07-21 15:23 . 2012-07-21 15:23 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-07-21 13:04 . 2012-07-21 13:04 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-07-21 13:04 . 2012-07-21 13:04 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-07-21 13:04 . 2012-07-23 17:03 -------- d-----w- c:\program files (x86)\Winamp
2012-07-21 13:04 . 2012-07-21 14:01 -------- d-----w- c:\users\Mato\AppData\Roaming\Winamp
2012-07-20 19:05 . 2012-07-20 19:20 -------- d-----w- c:\program files (x86)\RadioDJ
2012-07-20 18:49 . 2012-07-20 18:49 -------- d-----w- c:\program files\SHOUTcast
2012-07-20 15:12 . 2012-07-20 19:20 -------- d-----w- c:\programdata\firebird
2012-07-15 11:49 . 2012-07-22 18:50 -------- d-----w- c:\program files (x86)\StationPlaylist
2012-07-14 19:11 . 2012-07-21 17:54 -------- d-----w- c:\users\Mato\AppData\Local\SpacialAudio
2012-07-14 19:11 . 2010-09-17 09:13 548864 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-07-14 19:10 . 2012-07-14 19:10 -------- d-----w- c:\program files (x86)\Firebird
2012-07-14 19:10 . 2012-07-20 15:11 -------- d-----w- c:\program files (x86)\SpacialAudio
2012-07-13 20:16 . 2012-07-13 20:16 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-07-12 19:50 . 2012-07-12 19:50 -------- d--h--w- c:\programdata\UZC
2012-07-12 19:50 . 2012-07-12 19:50 -------- d-----w- c:\program files (x86)\Ultimate ZIP Cracker II Evaluation
2012-07-11 19:09 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:17 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 17:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 17:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 17:17 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 17:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 17:17 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 20:15 . 2012-07-29 14:13 -------- d-----w- c:\users\Mato\AppData\Local\MusicJet
2012-07-10 20:15 . 2012-07-10 20:15 -------- dc-h--w- c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
2012-07-08 10:35 . 2012-07-31 07:35 -------- d-----r- c:\users\Mato\Dropbox
2012-07-08 10:32 . 2012-07-31 07:35 -------- d-----w- c:\users\Mato\AppData\Roaming\Dropbox
2012-07-03 16:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:57 . 2012-05-27 14:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 13:57 . 2011-08-12 20:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:07 . 2011-12-11 11:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-17 08:53 . 2012-06-17 08:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-02 22:19 . 2012-06-23 10:58 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 10:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 10:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 10:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 10:58 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 10:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 10:58 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 10:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 10:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 17:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 17:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 15:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:13 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:13 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-24 17:33 . 2012-01-24 17:33 494739 ----a-w- c:\program files\Uninstall.exe
2012-01-24 17:33 . 2012-01-24 17:33 2815664 ----a-w- c:\program files\terminal.exe
2012-01-24 17:33 . 2012-01-24 17:33 218864 ----a-w- c:\program files\liveupdate.exe
2012-01-24 17:33 . 2012-01-24 17:33 1413264 ----a-w- c:\program files\metaeditor.exe
2012-01-24 17:33 . 2012-01-24 17:33 1131176 ----a-w- c:\program files\metalang.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"GoogleChromeAutoLaunch_354A05B57A4B504E6661C4A15ED5CBC2"="c:\users\Mato\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-02 74752]
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Slu�ba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Slu�ba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Slu�ba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 13:57]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 16:39]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 16:39]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000Core.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 12:09]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000UA.job
- c:\users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 12:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportova� do programu Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\hp7w34yb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxps://www.google.sk/search?q=
.
.
------- File Associations -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E687E8C4-ABEA-E053-55FF-215AB4022795}*]
"ianmiiieimmfmplnaj"=hex:6a,61,6b,67,70,6f,67,65,67,68,65,61,64,6b,61,69,65,68,
70,67,00,00
"hahnonmimnckfdmk"=hex:6a,61,6a,67,6d,6f,62,6d,66,64,6e,6d,70,6b,6a,70,69,6a,
6a,6f,00,00
"iajaiakmhgnicahkpd"=hex:63,61,6f,66,70,64,00,01
"dbofkimmnbjddejjokcdomialngajkkblgaokcio"=hex:68,61,63,61,6f,70,65,6d,69,69,
64,70,67,63,62,6a,00,00
"jbofkimmnbjddejjokcdnlgnpnkdjkkjmnbhmbpapokpnmpgdbhg"=hex:68,61,63,61,6f,70,
65,6d,69,69,64,70,67,63,62,6a,00,00
"dbofkimmnbjddejjokcdpkdcdkoaldbaloimicjf"=hex:62,61,68,64,00,fb
.
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC93EA25-6C46-9811-5B57-C8F98A04D47F}*]
"iaaccmodhlihbjliao"=hex:6a,61,65,6c,67,65,61,70,6b,6a,62,67,64,70,6f,69,6b,6b,
6c,61,00,00
"hakcepcnbpekndnk"=hex:6a,61,65,6c,67,65,61,70,6b,6a,62,67,64,70,6f,69,6b,6b,
6c,61,00,00
"iaefcgdcnflcnmdgho"=hex:63,61,64,6c,61,70,00,00
"dbglhkkeijggmgmkkfbahnmonbkphimllonmimka"=hex:68,61,70,65,67,6a,6e,6a,6d,6e,
61,6d,63,65,6b,62,00,00
"jbglhkkeijggmgmkkfbaeogkpokbfojegkhgaodjbibgkoaognfi"=hex:68,61,70,65,67,6a,
6e,6a,6d,6e,61,6d,63,65,6b,62,00,00
"dbglhkkeijggmgmkkfbacpnpeiboppkmhnlohoke"=hex:62,61,6b,69,00,fb
.
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,94,b4,20,f6,36,80,66,29,7b,b9,b2,7e,5f,5d,49,c9,2b,42,bb,8d,
f6,09,be,cd,2f,fc,18,28,33,ac,ee,e4,eb,39,26,8f,22,c4,89,78,ae,f6,e4,bf,9b,\
"rkeysecu"=hex:57,14,51,2f,01,bb,ad,63,cf,4c,42,0d,dc,4d,0e,80
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\DAODx.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-07-31 21:07:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 19:07
ComboFix2.txt 2011-12-11 18:56
.
Pre-Run: 342�434�594�816 bytes free
Post-Run: 348�655�919�104 bytes free
.
- - End Of File - - 2677FACAECB4C983809FC4D0A30D49F4

#11 Příspěvek od **vyosek** » 31 črc 2012 20:31

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

RegNull::
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC93EA25-6C46-9811-5B57-C8F98A04D47F}*]
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E687E8C4-ABEA-E053-55FF-215AB4022795}*]
[HKEY_USERS\S-1-5-21-2946608544-2022577908-253706971-1000\Software\SecuROM\License information*]

Firefox::
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\hp7w34yb.default\
FF - prefs.js: keyword.URL - hxxps://www.google.sk/search?q=

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"GoogleChromeAutoLaunch_354A05B57A4B504E6661C4A15ED5CBC2"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"BCU"=-
"Adobe ARM"=-
"HP Software Update"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"iTunesHelper"=-
"WinampAgent"=-

Driver::
gupdate
gupdatem

Folder::
c:\programdata\7531E8D90008F2410000F319F875F002
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
C:\IExp1.tmp
C:\IExp0.tmp
c:\windows\msdownld.tmp

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000UA.job

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

matob · #12 Příspěvek od **matob** » 31 črc 2012 20:55

ComboFix 12-07-30.03 - Mato 31/07/2012 21:45:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2391 [GMT 2:00]
Running from: c:\users\Mato\Downloads\ComboFix.exe
Command switches used :: c:\users\Mato\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\IExp0.tmp
C:\IExp1.tmp
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\{683315B1-68E0-4A1B-9397-509C3EB911D2}
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\instance.dat
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\mia.lib
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.dat
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.exe
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.lan
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.lnk
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.msi
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.par
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.res
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\1B61B9AE\191E5E31\MusicJet.exe
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\A1F8C643\191E5E31\TgPlayOgg_vorbisfile.dll
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\ACE48E3F\2B05D000\Microsoft.DirectX.dll
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\AFCF7434\2B05D000\Microsoft.DirectX.DirectSound.dll
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\BDC82C3E\7196064E\channel.txt
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\D2D1824C\191E5E31\MusicJet.exe.config
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\D9F6048B\CAA6597\Icon.ico
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\E8A3FCBE\7196064E\version.txt
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\mMSI.dll\mMSIExec.dll
c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\OFFLINE\mWinRun.dll\mWinRunExec.dll
c:\programdata\7531E8D90008F2410000F319F875F002
c:\programdata\7531E8D90008F2410000F319F875F002\7531E8D90008F2410000F319F875F002
c:\programdata\7531E8D90008F2410000F319F875F002\7531E8D90008F2410000F319F875F002.ico
c:\windows\msdownld.tmp
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2946608544-2022577908-253706971-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 19:49 . 2012-07-31 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 19:49 . 2012-07-31 19:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-31 19:49 . 2012-07-31 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 17:03 . 2012-07-31 17:03 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-31 17:03 . 2012-07-31 17:03 -------- d-----w- c:\program files (x86)\DivX
2012-07-30 20:39 . 2012-07-30 20:39 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-29 16:12 . 2012-07-29 16:12 -------- d-----w- c:\program files (x86)\AAALOGO
2012-07-29 12:48 . 2012-07-29 12:49 -------- d-----w- c:\program files (x86)\WYSIWYG Web Builder 8
2012-07-29 12:41 . 2012-07-29 12:41 -------- d-----w- c:\program files (x86)\Default Company Name
2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- c:\users\Mato\AppData\Roaming\Common
2012-07-23 20:42 . 2012-07-28 19:58 -------- d-----w- C:\Jazler Database Backups
2012-07-21 17:31 . 2012-07-21 17:32 -------- d-----w- c:\program files\Microsoft SQL Server
2012-07-21 17:31 . 2012-07-22 21:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-07-21 17:04 . 2012-07-21 17:04 -------- d-----w- c:\program files (x86)\Windows Media Components
2012-07-21 17:04 . 2012-07-22 18:48 -------- d-----w- C:\MEGAMIX
2012-07-21 17:04 . 2012-07-21 17:04 -------- d-----w- c:\users\Mato\AppData\Local\Seven Zip
2012-07-21 15:23 . 2012-07-21 15:23 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-07-21 13:04 . 2012-07-21 13:04 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-07-21 13:04 . 2012-07-21 13:04 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-07-21 13:04 . 2012-07-23 17:03 -------- d-----w- c:\program files (x86)\Winamp
2012-07-21 13:04 . 2012-07-21 14:01 -------- d-----w- c:\users\Mato\AppData\Roaming\Winamp
2012-07-20 19:05 . 2012-07-20 19:20 -------- d-----w- c:\program files (x86)\RadioDJ
2012-07-20 18:49 . 2012-07-20 18:49 -------- d-----w- c:\program files\SHOUTcast
2012-07-20 15:12 . 2012-07-20 19:20 -------- d-----w- c:\programdata\firebird
2012-07-15 11:49 . 2012-07-22 18:50 -------- d-----w- c:\program files (x86)\StationPlaylist
2012-07-14 19:11 . 2012-07-21 17:54 -------- d-----w- c:\users\Mato\AppData\Local\SpacialAudio
2012-07-14 19:11 . 2010-09-17 09:13 548864 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-07-14 19:10 . 2012-07-14 19:10 -------- d-----w- c:\program files (x86)\Firebird
2012-07-14 19:10 . 2012-07-20 15:11 -------- d-----w- c:\program files (x86)\SpacialAudio
2012-07-13 20:16 . 2012-07-13 20:16 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-07-12 19:50 . 2012-07-12 19:50 -------- d--h--w- c:\programdata\UZC
2012-07-12 19:50 . 2012-07-12 19:50 -------- d-----w- c:\program files (x86)\Ultimate ZIP Cracker II Evaluation
2012-07-11 19:09 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:17 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 17:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 17:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 17:17 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 17:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 17:17 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 20:15 . 2012-07-29 14:13 -------- d-----w- c:\users\Mato\AppData\Local\MusicJet
2012-07-08 10:35 . 2012-07-31 19:50 -------- d-----r- c:\users\Mato\Dropbox
2012-07-08 10:32 . 2012-07-31 19:50 -------- d-----w- c:\users\Mato\AppData\Roaming\Dropbox
2012-07-03 16:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:57 . 2012-05-27 14:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 13:57 . 2011-08-12 20:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:07 . 2011-12-11 11:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-07-31 19:14 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8716755-E759-4153-ABA4-8A558FD78F86}\mpengine.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-17 08:53 . 2012-06-17 08:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-02 22:19 . 2012-06-23 10:58 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 10:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 10:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 10:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 10:58 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 10:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 10:58 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 10:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 10:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 17:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 17:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 15:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:13 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:13 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-24 17:33 . 2012-01-24 17:33 494739 ----a-w- c:\program files\Uninstall.exe
2012-01-24 17:33 . 2012-01-24 17:33 2815664 ----a-w- c:\program files\terminal.exe
2012-01-24 17:33 . 2012-01-24 17:33 218864 ----a-w- c:\program files\liveupdate.exe
2012-01-24 17:33 . 2012-01-24 17:33 1413264 ----a-w- c:\program files\metaeditor.exe
2012-01-24 17:33 . 2012-01-24 17:33 1131176 ----a-w- c:\program files\metalang.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-31_19.02.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-31 19:06 54480 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-31 19:06 38328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-12 19:08 . 2012-07-31 19:06 16328 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2946608544-2022577908-253706971-1000_UserData.bin
- 2012-07-31 19:02 . 2012-07-31 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-31 19:50 . 2012-07-31 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 17:19 . 2012-07-31 07:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-17 17:19 . 2012-07-31 19:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-31 19:02 281856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-31 19:49 281856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-12 20:03 . 2012-07-31 19:49 3108600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-12 20:03 . 2012-07-31 19:02 3108600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-25 20:58 . 2012-07-31 19:49 62391824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2946608544-2022577908-253706971-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-17 283200]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"combofix"="c:\combofix\CF7824.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\hp7w34yb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MusicJet - c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.exe
AddRemove-{683315B1-68E0-4A1B-9397-509C3EB911D2} - c:\programdata\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}\MusicJet-Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\DAODx.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-07-31 21:53:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 19:53
ComboFix2.txt 2012-07-31 19:07
ComboFix3.txt 2011-12-11 18:56
.
Pre-Run: 348 626 247 680 bytes free
Post-Run: 347 991 224 320 bytes free
.
- - End Of File - - A65B93A5D62889A849AB214A46FCB9E0

#13 Příspěvek od **vyosek** » 31 črc 2012 20:57

Jak se chova nas pacient

matob · #14 Příspěvek od **matob** » 31 črc 2012 21:02

no uz nemam odkaz na ten "antivirus" na na ploche ani v starte ale dam este smart kontrolu cez ESET a dam vediet. Inak velka vdaka za pomoc, konecne sa nemusim trapit s virom

#15 Příspěvek od **vyosek** » 31 črc 2012 21:04

Jeste sken ESS nedelejte, najde jej v zalohach, vydrzte par chvil a dam vam navod na uklid

VIRY.CZ

Live security platinum

Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum

Re: Live security platinum