VIR RECYCLER (PRO MOTJI)

[Maaca]

Log z USBfixu z notebooku:

############################## | UsbFix V 7.093 | [Deletion]

User: Monika (Administrator) # MONIKA-PC
Updated 08/07/2012 by El Desaparecido
Started at 21:54:58 | 29/07/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Acer (AO722) (x64-based PC) # Notebook
CPU: AMD C-60 APU with Radeon(tm) HD Graphics (1000)
RAM -> [Total : 3819 | Free : 2321]
BIOS: InsydeH2O Version V1.04
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 4.2 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 452 Gb (343 Mb free - 76%) [Acer] # NTFS
D:\ -> Removable drive # 2 Gb (4 Mb free - 0%) [SD 2GB] # FAT

################## | Active Processes |

C:\Windows\system32\csrss.exe (392)
C:\Windows\system32\wininit.exe (504)
C:\Windows\system32\csrss.exe (528)
C:\Windows\system32\services.exe (568)
C:\Windows\system32\lsass.exe (584)
C:\Windows\system32\lsm.exe (592)
C:\Windows\system32\winlogon.exe (652)
C:\Windows\system32\svchost.exe (748)
C:\Windows\system32\svchost.exe (824)
C:\Windows\system32\atiesrxx.exe (868)
C:\Windows\System32\svchost.exe (952)
C:\Windows\System32\svchost.exe (1004)
C:\Windows\system32\svchost.exe (248)
C:\Windows\system32\svchost.exe (840)
C:\Windows\system32\atieclxx.exe (1028)
C:\Windows\system32\svchost.exe (1152)
C:\Windows\system32\WLANExt.exe (1256)
C:\Windows\system32\conhost.exe (1264)
C:\Windows\System32\spoolsv.exe (1360)
C:\Windows\system32\svchost.exe (1428)
C:\Windows\system32\taskhost.exe (1484)
C:\Windows\system32\Dwm.exe (1560)
C:\Windows\Explorer.EXE (1604)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1832)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1896)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1964)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (1972)
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (1984)
C:\Windows\system32\CxAudMsg64.exe (2028)
C:\Program Files\Windows Sidebar\sidebar.exe (2036)
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (1128)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (1424)
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (1568)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1480)
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (1716)
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (1872)
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (1388)
C:\Program Files (x86)\Launch Manager\LMworker.exe (2088)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (2100)
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (2108)
C:\Program Files (x86)\Launch Manager\LManager.exe (2184)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2208)
C:\Windows\system32\svchost.exe (2232)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (2272)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2312)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2360)
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (2404)
C:\Windows\system32\svchost.exe (2480)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2520)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2692)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (2768)
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (2836)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3020)
C:\Windows\system32\wbem\wmiprvse.exe (2336)
C:\Windows\system32\wbem\unsecapp.exe (2940)
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (3296)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (3392)
C:\Windows\system32\SearchIndexer.exe (3576)
C:\Windows\system32\svchost.exe (3968)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3492)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3764)
C:\Windows\System32\svchost.exe (4332)
C:\Windows\system32\DllHost.exe (364)
C:\Windows\SysWOW64\RunDll32.exe (1700)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3996)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4208)
C:\Windows\System32\svchost.exe (1068)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (1228)
C:\Windows\system32\svchost.exe (4472)
C:\Windows\system32\svchost.exe (4176)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (984)
C:\Windows\System32\mobsync.exe (1824)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2864)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4596)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (2664)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (5924)
C:\Windows\system32\WUDFHost.exe (2356)
C:\Windows\system32\SearchProtocolHost.exe (1536)
C:\Windows\system32\SearchFilterHost.exe (7164)
C:\UsbFix\Go.exe (4928)
C:\Windows\system32\wbem\wmiprvse.exe (3504)

################## | Stopped processes |

Stopped! C:\Windows\system32\atiesrxx.exe (868)
Stopped! C:\Windows\system32\atieclxx.exe (1028)
Stopped! C:\Windows\system32\WLANExt.exe (1256)
Stopped! C:\Windows\System32\spoolsv.exe (1360)
Stopped! C:\Windows\system32\taskhost.exe (1484)
Stopped! C:\Windows\Explorer.EXE (1604)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1832)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1896)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1964)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (1972)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (1984)
Stopped! C:\Windows\system32\CxAudMsg64.exe (2028)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (2036)
Stopped! C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (1128)
Stopped! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (1424)
Stopped! C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (1568)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1480)
Stopped! C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (1716)
Stopped! C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (1872)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (1388)
Stopped! C:\Program Files (x86)\Launch Manager\LMworker.exe (2088)
Stopped! C:\Program Files (x86)\Launch Manager\LMutilps32.exe (2100)
Stopped! C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (2108)
Stopped! C:\Program Files (x86)\Launch Manager\LManager.exe (2184)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2208)
Stopped! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (2272)
Stopped! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2312)
Stopped! c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2360)
Stopped! C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (2404)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2520)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2692)
Stopped! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (2768)
Stopped! C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (2836)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3020)
Stopped! C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (3296)
Stopped! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (3392)
Stopped! C:\Windows\system32\SearchIndexer.exe (3576)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3492)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3764)
Stopped! C:\Windows\system32\DllHost.exe (364)
Stopped! C:\Windows\SysWOW64\RunDll32.exe (1700)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3996)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4208)
Stopped! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (1228)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (984)
Stopped! C:\Windows\System32\mobsync.exe (1824)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2864)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4596)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (2664)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (5924)
Stopped! C:\Windows\system32\WUDFHost.exe (2356)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (1536)
Stopped! C:\Windows\system32\SearchFilterHost.exe (7164)

################## | Files # Infected Folders |

Deleted ! C:\$RECYCLE.BIN\S-1-5-20
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-164997144-3361878971-219360879-500
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2361239559-3042083619-923908226-1001
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2361239559-3042083619-923908226-500

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[29/07/2012 - 21:58:06 | SHD ] C:\$Recycle.Bin
[07/09/2011 - 12:57:21 | D ] C:\book
[22/06/2011 - 15:54:23 | N | 8192] C:\BOOTSECT.BAK
[14/05/2012 - 14:54:28 | N | 4608] C:\DANES_MARTIN_certifikatKB.p12
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[04/12/2011 - 17:42:26 | D ] C:\Downloads
[29/07/2012 - 17:25:40 | ASH | 3003305984] C:\hiberfil.sys
[07/02/2012 - 13:58:41 | N | 132] C:\ICSYSINF.log
[18/06/2012 - 18:15:32 | N | 4635] C:\KOSTALOVA_MONIKA.p12
[09/01/2012 - 16:56:59 | RHD ] C:\MSOCache
[07/09/2011 - 12:57:25 | D ] C:\OEM
[29/07/2012 - 17:25:44 | ASH | 4004409344] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[22/07/2012 - 21:08:39 | D ] C:\Program Files
[24/07/2012 - 15:52:13 | D ] C:\Program Files (x86)
[29/05/2012 - 09:56:18 | HD ] C:\ProgramData
[07/09/2011 - 12:37:06 | SHD ] C:\Recovery
[29/07/2012 - 20:04:05 | SHD ] C:\System Volume Information
[26/07/2012 - 16:30:32 | N | 126128] C:\TDSSKiller.2.7.48.0_26.07.2012_16.29.41_log.txt
[26/07/2012 - 22:50:49 | N | 126128] C:\TDSSKiller.2.7.48.0_26.07.2012_22.49.55_log.txt
[29/07/2012 - 21:58:06 | D ] C:\UsbFix
[29/07/2012 - 21:55:17 | A | 10589] C:\UsbFix.txt
[12/07/2012 - 09:52:53 | N | 447] C:\user.js
[07/09/2011 - 12:39:06 | D ] C:\Users
[23/07/2012 - 18:40:51 | D ] C:\Windows
[29/07/2012 - 19:06:14 | D ] D:\MONIKA-PC
[29/07/2012 - 19:06:14 | N | 528] D:\MediaID.bin

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_MONIKA-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

[Maaca]

TDSS killer potom nenašel nic.

[motji]

A ještě combofix, ale budu tu zase až zítra večer

[Maaca]

ComboFix 12-07-29.02 - Monika 30.07.2012 17:42:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3819.2479 [GMT 2:00]
Spuštěný z: c:\users\Monika\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 15:52 . 2012-07-30 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 19:54 . 2012-07-29 20:00 -------- d-----w- C:\UsbFix
2012-07-29 15:49 . 2012-07-29 15:49 -------- d-----w- c:\users\Monika\AppData\Local\Broadcom
2012-07-27 10:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF9F7D41-4BFE-42F7-9953-441B125BB463}\mpengine.dll
2012-07-14 10:31 . 2012-07-14 10:31 -------- d-----w- c:\users\Monika\AppData\Roaming\LogoMaker
2012-07-12 07:53 . 2012-07-12 07:53 -------- d-----w- c:\program files (x86)\FilesFrog Update Checker
2012-07-12 07:52 . 2012-07-12 07:52 447 ------w- C:\user.js
2012-07-10 21:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 20:39 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:38 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 20:38 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-10 20:38 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 20:38 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-10 20:38 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-10 20:38 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 20:38 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-10 20:38 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-10 20:38 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-10 20:38 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-10 20:38 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-10 20:38 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-10 20:38 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-03 20:25 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-03 20:24 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-03 20:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 20:00 . 2012-07-29 20:00 2997168 ----a-w- C:\UsbFix_Upload_Me_MONIKA-PC.zip
2012-07-29 10:21 . 2012-03-29 13:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 10:21 . 2011-07-31 07:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 20:56 . 2011-09-13 13:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 13:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 14:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 14:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-10 20:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-10 20:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 17:29 . 2012-03-11 11:13 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2011-09-08 15:10 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 05:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 05:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 05:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-05-31 200784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-6-22 704104]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-10 1137440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-06-22 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-06-22 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-06-22 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-28 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-28 862088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\btu4sk25.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb167/?loc=IB_DS&a=6PQDdI4fC2&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQDdI4fC2&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 88e96f6f0000000000003859f959bb3e
FF - user.js: extensions.incredibar_i.instlDay - 15533
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQDdI4fC2
FF - user.js: extensions.incredibar_i.upn2n - 92543216392020530
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10671
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-InterCasinoV9EnglishEUR - c:\windows\system32\UnCasino5.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-30 17:57:55
ComboFix-quarantined-files.txt 2012-07-30 15:57
.
Před spuštěním: Volných bajtů: 369 301 573 632
Po spuštění: Volných bajtů: 368 917 979 136
.
- - End Of File - - 5D147C5A003FAE42192F1DFC55CA8639

[motji]

Tento program znáte?
c:\program files (x86)\FilesFrog Update Checker

Jinak domažu jen nějaké zbytečnosti, viry nevidím.

[Maaca]

Ne, neznám ho. Smazat

[motji]

Já Vám ho večer smažu. Ted tu do pátku nebudu

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\program files (x86)\FilesFrog Update Checker

Firefox::
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\btu4sk25.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb167/?lo ... 26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQDdI ... 26&search=
FF - user.js: extensions.incredibar_i.id - 88e96f6f0000000000003859f959bb3e
FF - user.js: extensions.incredibar_i.instlDay - 15533
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQDdI4fC2
FF - user.js: extensions.incredibar_i.upn2n - 92543216392020530
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10671
FF - user.js: extensions.incredibar_i.ppd -
.

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Maaca]

ComboFix 12-07-29.02 - Monika 04.08.2012 12:43:59.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3819.2428 [GMT 2:00]
Spuštěný z: c:\users\Monika\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Monika\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FilesFrog Update Checker
c:\program files (x86)\FilesFrog Update Checker\uninstall.exe
c:\program files (x86)\FilesFrog Update Checker\update_checker.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-04 do 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 10:53 . 2012-08-04 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 14:51 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE02E72F-3F8F-4723-8253-45A94BCC9380}\mpengine.dll
2012-08-02 17:26 . 2012-08-02 17:26 -------- d-----w- c:\programdata\Ask
2012-07-29 19:54 . 2012-07-29 20:00 -------- d-----w- C:\UsbFix
2012-07-29 15:49 . 2012-07-29 15:49 -------- d-----w- c:\users\Monika\AppData\Local\Broadcom
2012-07-14 10:31 . 2012-07-14 10:31 -------- d-----w- c:\users\Monika\AppData\Roaming\LogoMaker
2012-07-12 07:52 . 2012-07-12 07:52 447 ------w- C:\user.js
2012-07-10 21:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 20:39 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:38 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 20:38 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-10 20:38 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 20:38 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-10 20:38 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-10 20:38 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 20:38 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-10 20:38 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-10 20:38 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-10 20:38 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-10 20:38 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-10 20:38 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-10 20:38 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 15:21 . 2012-03-29 13:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 15:21 . 2011-07-31 07:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 20:00 . 2012-07-29 20:00 2997168 ----a-w- C:\UsbFix_Upload_Me_MONIKA-PC.zip
2012-07-10 20:56 . 2011-09-13 13:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 13:53 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 14:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:53 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 14:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:53 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-10 20:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-10 20:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_15.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-03 15:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-29 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-29 10:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 15:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 15:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-02 18:27 60106 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 08:32 47644 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-07 10:40 . 2012-07-30 15:26 10322 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2361239559-3042083619-923908226-1001_UserData.bin
+ 2011-09-07 10:40 . 2012-08-04 08:32 10322 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2361239559-3042083619-923908226-1001_UserData.bin
+ 2011-07-31 07:45 . 2012-08-03 15:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-31 07:45 . 2012-07-30 06:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-31 07:45 . 2012-08-03 15:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-31 07:45 . 2012-07-30 06:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 15:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-30 06:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-30 15:24 . 2012-07-30 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 08:30 . 2012-08-04 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-30 15:24 . 2012-07-30 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-04 08:30 . 2012-08-04 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 15:21 . 2012-08-03 15:21 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
+ 2012-08-02 19:21 . 2012-08-02 19:21 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-02 19:21 . 2012-08-02 19:21 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-03-29 13:02 . 2012-08-03 15:21 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-03-29 13:02 . 2012-07-29 10:21 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-09-07 14:51 . 2012-08-04 10:38 255446 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-30 15:29 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 08:35 616242 c:\windows\system32\perfh009.dat
- 2011-07-31 07:36 . 2012-07-30 15:29 631526 c:\windows\system32\perfh005.dat
+ 2011-07-31 07:36 . 2012-08-04 08:35 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-08-04 08:35 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-30 15:29 106622 c:\windows\system32\perfc009.dat
+ 2011-07-31 07:36 . 2012-08-04 08:35 122148 c:\windows\system32\perfc005.dat
- 2011-07-31 07:36 . 2012-07-30 15:29 122148 c:\windows\system32\perfc005.dat
+ 2012-08-03 15:21 . 2012-08-03 15:21 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
+ 2012-08-02 19:21 . 2012-08-02 19:21 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-02 19:21 . 2012-08-02 19:21 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
- 2009-07-14 05:01 . 2012-07-30 07:26 461948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-03 16:56 461948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-03 15:21 . 2012-08-03 15:21 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-03 15:21 . 2012-08-03 15:21 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
- 2011-09-08 11:33 . 2012-07-30 07:26 2298400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-08 11:33 . 2012-08-03 16:56 2298400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-08-03 15:21 . 2012-08-03 15:21 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
+ 2011-09-07 11:19 . 2012-08-03 16:56 25174288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2361239559-3042083619-923908226-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-6-22 704104]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-10 1137440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-06-22 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-06-22 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-06-22 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-28 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-28 862088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\btu4sk25.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SDP - c:\program files (x86)\FilesFrog Update Checker\update_checker.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FilesFrog Update Checker - c:\program files (x86)\FilesFrog Update Checker\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-04 12:58:38
ComboFix-quarantined-files.txt 2012-08-04 10:58
ComboFix2.txt 2012-07-30 15:57
.
Před spuštěním: Volných bajtů: 369 435 086 848
Po spuštění: Volných bajtů: 369 543 626 752
.
- - End Of File - - 68CFBDEC729151EF28A00E31ECED1CC0

[Maaca]

A mám tu ještě třetí počítat z domácnosti, netbook.I ten v sobě měl pametovku a v korenovem adresari je skryta slozka recycler, ktera nejde smazat. Pošlu log z combofixu...

[Maaca]

Tady je log z netbooku...

-ComboFix 12-08-04.02 - Administrator 04.08.2012 15:16:22.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2039.1463 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\SET8.tmp
.
c:\windows\system32\srsvc.dll . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-04 do 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 13:03 . 2012-08-04 13:03 -------- d-----w- c:\program files\Common Files\Skype
2012-08-04 12:36 . 2012-08-04 12:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 12:36 . 2011-05-21 11:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 18:41 . 2012-06-22 18:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-22 18:41 . 2012-06-22 18:42 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 18:41 . 2010-04-30 18:06 472840 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-04 12:38 . 2012-06-22 18:48 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-13 . 4092C56967175F009DC8458DC434358E . 359040 . . [5.1.2600.2505] . . c:\windows\system32\drivers\tcpip.sys
.
.
.
.
[-] 2008-03-02 . D1DAE5C69444532AF75839BDDB025E58 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
.
.
[-] 2001-09-20 10:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
.
c:\windows\System32\shsvcs.dll ... chybí !!
c:\windows\System32\srsvc.dll ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
c:\windows\System32\schedsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-06-12 1368824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\program files\Asus\EeePC ACPI\AsTray.exe" [2007-09-28 77824]
"AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-10-02 450560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-22 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-22 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-22 100888]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-18 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-22 2779824]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-22 3621040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-17 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [1.12.2011 10:20 32768]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [12.6.2012 13:01 124856]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [1.12.2011 10:19 482992]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.8.2012 14:36 250056]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [5.11.2011 17:02 100736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [22.6.2012 20:48 113120]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AMEISVC
*NewlyCreated* - SKYPEUPDATE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Seclogon
SENS
Sharedaccess
Tapisrv
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
WmdmPmSN
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
ntmssvc
FastUserSwitchingCompatibility
Messenger
Schedule
SRService
Themes
ShellHWDetection
helpsvc
uploadmgr
TermService
wscsvc
napagent
hkmsvc
ip6fwhlp
mhn
sacsvr
trksvr
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\micros~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\u4drps01.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.ftp - proxy.vlp.cz
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.vlp.cz
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.vlp.cz
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.vlp.cz
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.vlp.cz
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Dostihy 3000 deluxe - e:\\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 15:30
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-507921405-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,8e,b5,0b,17,e3,25,42,bd,4c,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,8e,b5,0b,17,e3,25,42,bd,4c,58,\
.
Celkový čas: 2012-08-04 15:36:44
ComboFix-quarantined-files.txt 2012-08-04 13:36
.
Před spuštěním: 1 111 527 424
Po spuštění: 1 156 739 072
.
- - End Of File - - AD037117BA5DC0A59F3D2D764C754369

[motji]

Na tom netbooku jsou xp? Tak je to celé nějaké divné

Na tom druhém pc vypadá vše ok, takže uklidíme, pak pořešíme netbook.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

[Maaca]

Vše proběhlo podle instrukcí, C-Cleaner pravidelně používám. Snad už bude notebook vyčištěný.

Co se toho netbooku týče, je už dost starý (ASUS EEE 710) a jsou na něm schválně nějaké osekané XPčka, protože ten model má jen 2GB hardisk a pametovku k tomu.

[motji]

Aha, proto tam možná je tento bug u combofixu. projedte ho ještě mbamem.

[Maaca]

Byl tam jeden nález, dal jsem ho pomécí MBAMu odstranit. Tady je log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.05.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ASUS [administrátor]

5.8.2012 12:26:28
mbam-log-2012-08-05 (12-26-28).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 173695
Uplynulý čas: 3 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Špatný: (1) Dobrý: (0) -> Umístnění do karantény a opravení se zdařilo.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)