Facebook virus

pochec
Visitor
Posts: 4
Registered: 03 Feb 2013 18:22

Facebook virus

#1 Post by pochec »

Hello, I need help. I have a virus on my PC that, every time I connect to Facebook, sends my online friends a message like: hahahaahahaah and a link on mediafire to some picture.
Here is the log:

ComboFix 13-02-03.02 - Uživatel 03.02.2013 18:03:38.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2014.852 [GMT 1:00]
Spuštěný z: c:\users\Uživatel\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-03 do 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 17:11 . 2013-02-03 17:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-03 17:11 . 2013-02-03 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 17:09 . 2013-02-03 17:09 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC7F8125-3FE1-4D5F-8C73-FBEFBB7ABA83}\offreg.dll
2013-02-01 10:46 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC7F8125-3FE1-4D5F-8C73-FBEFBB7ABA83}\mpengine.dll
2013-02-01 10:13 . 2013-02-01 10:23 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-02-01 10:13 . 2013-02-01 10:22 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-02-01 10:13 . 2013-02-01 10:23 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-01-31 20:00 . 2013-01-31 20:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-01-31 18:37 . 2013-01-31 18:37 -------- d-----w- c:\program files\Lame For Audacity
2013-01-31 17:48 . 2013-01-31 18:42 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Audacity
2013-01-31 17:48 . 2013-01-31 17:48 -------- d-----w- c:\program files\Audacity
2013-01-31 16:45 . 2010-07-10 23:28 416522 ----a-w- c:\windows\AutoKMS.exe
2013-01-31 16:30 . 2013-01-31 16:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-01-31 16:29 . 2013-01-31 16:29 -------- d-----w- c:\windows\PCHEALTH
2013-01-31 16:29 . 2013-01-31 16:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-01-31 16:29 . 2013-01-31 16:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-31 16:28 . 2013-01-31 16:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-01-31 16:26 . 2013-01-31 16:26 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-31 16:26 . 2013-01-31 16:26 -------- d-----w- c:\users\Uživatel\AppData\Local\Microsoft Help
2013-01-31 16:25 . 2013-02-01 13:22 -------- d-----w- c:\programdata\Microsoft Help
2013-01-31 16:25 . 2013-01-31 16:25 -------- d-----r- C:\MSOCache
2013-01-30 15:59 . 2013-01-30 15:59 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Publish Providers
2013-01-29 16:16 . 2013-01-29 16:16 -------- d-----w- c:\users\Uživatel\AppData\Local\Avg2013
2013-01-27 17:16 . 2013-01-30 15:59 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Sony
2013-01-27 17:16 . 2013-01-27 17:17 -------- d-----w- c:\users\Uživatel\AppData\Local\Sony
2013-01-27 17:13 . 2013-01-27 17:13 -------- d-----w- c:\programdata\Sony
2013-01-27 17:12 . 2013-01-27 17:12 -------- d-----w- c:\program files\Sony
2013-01-27 16:29 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-27 16:29 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-27 16:29 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-27 16:29 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-27 16:29 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-27 16:29 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-27 16:28 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-27 16:28 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-27 16:28 . 2013-01-27 16:28 -------- d-----w- c:\programdata\AVAST Software
2013-01-27 16:28 . 2013-01-27 16:28 -------- d-----w- c:\program files\AVAST Software
2013-01-26 21:38 . 2013-01-27 10:50 -------- d-sh--r- c:\users\Uživatel\46357865364647353
2013-01-26 09:36 . 2013-01-26 09:36 -------- d-----w- c:\program files\MSI Kombustor 2.5
2013-01-26 09:36 . 2013-01-26 09:36 -------- d-----w- c:\users\Uživatel\AppData\Local\Programs
2013-01-26 09:27 . 2013-01-26 09:28 -------- d-----w- c:\program files\MSI Afterburner
2013-01-25 10:02 . 2013-01-25 10:02 -------- d-----w- c:\program files\Common Files\Skype
2013-01-25 10:02 . 2013-01-25 10:02 -------- d-----r- c:\program files\Skype
2013-01-24 10:32 . 2013-01-24 10:32 -------- d-----w- c:\program files\VirtualDJ
2013-01-23 20:55 . 2013-01-23 20:56 -------- d-----w- c:\users\Uživatel\AppData\Local\Anvil Studio
2013-01-23 15:22 . 2013-01-23 15:22 -------- d-----w- c:\program files\BitTorrent
2013-01-23 15:22 . 2013-01-31 19:56 -------- d-----w- c:\users\Uživatel\AppData\Roaming\BitTorrent
2013-01-21 16:13 . 2013-01-21 16:13 -------- d-----w- c:\programdata\Electronic Arts
2013-01-21 15:39 . 2013-01-21 15:39 -------- d-----w- c:\program files\Microsoft WSE
2013-01-21 15:25 . 2013-01-21 15:25 -------- d-----w- c:\program files\Electronic Arts
2013-01-20 16:53 . 2013-01-20 16:53 -------- d-----w- c:\users\Uživatel\AppData\Local\AVG Secure Search
2013-01-20 16:53 . 2013-01-20 16:53 -------- d-----w- c:\programdata\AVG Security Toolbar
2013-01-20 16:53 . 2013-01-20 16:53 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-20 16:52 . 2013-01-20 16:52 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-20 16:52 . 2013-01-20 16:52 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-01-20 16:52 . 2013-01-20 16:52 -------- d-----w- c:\program files\AVG Secure Search
2013-01-20 16:45 . 2013-01-20 16:47 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-20 12:10 . 2013-01-20 12:10 -------- d-----w- c:\programdata\Orbit
2013-01-20 10:25 . 2009-03-11 20:57 6257467 ----a-w- c:\program files\Microsoft Games\Age of Empires III\aoe3cz1.01a.exe
2013-01-19 20:00 . 2013-01-19 20:02 -------- d-----w- c:\program files\Counter-Strike 1.6
2013-01-19 19:52 . 2013-01-19 19:53 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-01-19 15:35 . 2013-01-19 15:35 -------- d-----w- c:\users\Uživatel\AppData\Local\Application Data
2013-01-19 15:34 . 2013-01-24 10:29 -------- d-----w- c:\program files\Mixxx
2013-01-19 15:24 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-18 15:23 . 2013-01-18 15:23 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-01-18 15:23 . 2013-01-18 15:23 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-01-17 16:03 . 2013-01-17 16:03 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Leadertech
2013-01-17 15:09 . 2012-12-29 10:26 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-01-17 15:09 . 2012-12-29 10:26 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-17 15:09 . 2012-12-29 10:26 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2013-01-17 15:09 . 2012-12-29 10:26 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-17 15:09 . 2012-12-29 10:26 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2013-01-17 15:09 . 2012-12-29 10:26 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2013-01-17 15:09 . 2012-12-29 10:26 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-17 15:09 . 2012-12-29 10:26 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2013-01-17 15:09 . 2012-12-29 10:26 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2013-01-17 15:09 . 2012-12-29 10:26 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-01-17 15:09 . 2012-12-29 10:26 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2013-01-17 14:35 . 2013-01-17 14:35 -------- d-----w- c:\program files\EA Sports
2013-01-11 15:42 . 2013-01-11 16:02 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Notepad++
2013-01-11 15:42 . 2013-01-11 15:42 -------- d-----w- c:\program files\Notepad++
2013-01-11 13:52 . 2013-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-10 19:02 . 2013-01-10 19:02 -------- d-----w- c:\program files\MSXML 4.0
2013-01-09 12:51 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-07 15:43 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2013-01-07 15:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2013-01-07 15:21 . 2013-01-07 15:21 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Ubisoft
2013-01-07 15:09 . 2013-01-07 15:09 -------- d-----w- c:\programdata\Ubisoft
2013-01-07 14:58 . 2013-01-20 12:08 -------- d-----w- c:\program files\Ubisoft
2013-01-07 14:57 . 2013-01-07 14:57 -------- d-----w- c:\users\Uživatel\AppData\Roaming\InstallShield
2013-01-06 11:14 . 2013-01-06 11:14 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-01-06 11:14 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-06 11:14 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-01-06 11:14 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-01-04 19:08 . 2013-01-04 19:09 -------- d-----w- c:\program files\Clownfish
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-01 10:22 . 2012-12-27 11:56 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-02-01 10:13 . 2012-12-27 11:42 138056 ----a-w- c:\users\Uživatel\AppData\Roaming\PnkBstrK.sys
2013-02-01 10:13 . 2012-12-27 11:42 138056 ----a-w- c:\users\Uživatel\AppData\Roaming\PnkBstrK.sys
2013-01-29 20:49 . 2012-12-27 11:42 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-01-17 00:28 . 2012-10-18 15:01 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-29 10:26 . 2012-12-22 13:43 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 08:26 . 2012-12-22 13:44 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2012-12-22 13:44 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2012-12-22 13:44 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2012-12-22 13:44 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25 . 2012-12-22 13:44 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-25 16:44 . 2012-12-25 16:44 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-22 21:09 . 2012-12-22 21:09 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-22 13:32 . 2012-12-22 13:32 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-22 13:32 . 2012-12-22 13:32 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-22 12:46 . 2012-12-22 12:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-22 12:46 . 2012-12-22 12:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-22 12:46 . 2012-12-22 12:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-22 12:46 . 2012-12-22 12:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-12-22 12:46 . 2012-12-22 12:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-22 12:46 . 2012-12-22 12:46 367104 ----a-w- c:\windows\system32\html.iec
2012-12-22 12:46 . 2012-12-22 12:46 161792 ----a-w- c:\windows\system32\msls31.dll
2012-12-22 12:46 . 2012-12-22 12:46 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-12-22 12:46 . 2012-12-22 12:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-22 12:46 . 2012-12-22 12:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-12-22 12:46 . 2012-12-22 12:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-12-22 12:46 . 2012-12-22 12:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-12-22 12:46 . 2012-12-22 12:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-22 12:46 . 2012-12-22 12:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-22 12:46 . 2012-12-22 12:46 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-22 12:46 . 2012-12-22 12:46 152064 ----a-w- c:\windows\system32\wextract.exe
2012-12-22 12:46 . 2012-12-22 12:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-12-22 12:46 . 2012-12-22 12:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-22 12:46 . 2012-12-22 12:46 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-22 12:46 . 2012-12-22 12:46 11776 ----a-w- c:\windows\system32\mshta.exe
2012-12-22 12:46 . 2012-12-22 12:46 101888 ----a-w- c:\windows\system32\admparse.dll
2012-12-16 14:13 . 2012-12-22 23:10 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 23:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-03 15:39 . 2012-12-22 13:44 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-01 04:37 . 2012-12-22 13:44 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-09 04:42 . 2012-12-22 13:10 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-20 16:52 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll" [2013-01-20 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Clownfish"="c:\program files\Clownfish\Clownfish.exe" [2012-09-27 1122040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-20 1101488]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 08:06 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-22 12:59]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-22 12:59]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-RGSC - c:\program files\Rockstar Games(GTA)\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960281371-784375549-2458736988-1000\Software\SecuROM\License information*]
"datasecu"=hex:52,3d,71,21,f8,7a,ae,b3,34,4f,9b,3d,9f,dc,c0,f4,14,12,54,b8,fc,
b7,d2,e8,ef,86,1d,98,57,1a,06,2f,11,7e,b7,b7,85,fc,99,3a,8c,94,15,06,20,78,\
"rkeysecu"=hex:26,f7,83,91,40,da,8a,b4,79,8c,9a,4c,92,dd,17,c3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-02-03 18:12:46
ComboFix-quarantined-files.txt 2013-02-03 17:12
.
Před spuštěním: Volných bajtů: 80 924 196 864
Po spuštění: Volných bajtů: 82 663 886 848
.
- - End Of File - - 91DC24D3BC5924DD66E56C4287896C8E

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus

#2 Post by Rudy »

Hello!
Why are you running ComboFix, a utility intended only for experts, without first consulting an adviser? Do you intend to wreck your system?

Another thing. First uninstall the cracked Office. This forum does not support pirated software. Then post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pochec
Visitor
Posts: 4
Registered: 03 Feb 2013 18:22

Re: Facebook virus

#3 Post by pochec »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2013-02-03 19:06:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 79 GB (52%) free of 153 GB
Total RAM: 2014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:24, on 3.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Uživatel\Downloads\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-1960281371-784375549-2458736988-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1960281371-784375549-2458736988-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

--
End of file - 7454 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ROC_REG_JAN_DELETE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll [2013-01-20 1883824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.0.14\AVG Secure Search_toolbar.dll [2013-01-20 1883824]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-01-20 1101488]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Clownfish"=C:\Program Files\Clownfish\Clownfish.exe [2012-09-27 1122040]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.RTV1"=rtvcvfw32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-02-03 19:06:17 ----D---- C:\rsit
2013-02-03 19:06:17 ----D---- C:\Program Files\trend micro
2013-02-03 18:12:50 ----SHD---- C:\$RECYCLE.BIN
2013-02-03 18:12:48 ----D---- C:\Windows\temp
2013-02-03 18:12:46 ----A---- C:\ComboFix.txt
2013-02-03 17:59:59 ----A---- C:\Windows\zip.exe
2013-02-03 17:59:59 ----A---- C:\Windows\SWSC.exe
2013-02-03 17:59:59 ----A---- C:\Windows\SWREG.exe
2013-02-03 17:59:59 ----A---- C:\Windows\sed.exe
2013-02-03 17:59:59 ----A---- C:\Windows\PEV.exe
2013-02-03 17:59:59 ----A---- C:\Windows\NIRCMD.exe
2013-02-03 17:59:59 ----A---- C:\Windows\MBR.exe
2013-02-03 17:59:59 ----A---- C:\Windows\grep.exe
2013-02-03 17:59:14 ----D---- C:\Qoobox
2013-02-03 17:58:52 ----D---- C:\Windows\erdnt
2013-02-01 11:13:59 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2013-02-01 11:13:43 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-02-01 11:13:37 ----A---- C:\Windows\system32\PnkBstrA.exe
2013-01-31 19:37:28 ----D---- C:\Program Files\Lame For Audacity
2013-01-31 18:48:42 ----D---- C:\Users\Uživatel\AppData\Roaming\Audacity
2013-01-31 18:48:23 ----D---- C:\Program Files\Audacity
2013-01-31 17:45:04 ----A---- C:\Windows\AutoKMS.exe
2013-01-31 17:30:30 ----D---- C:\Program Files\Microsoft Synchronization Services
2013-01-31 17:30:28 ----D---- C:\Program Files\Common Files\DESIGNER
2013-01-31 17:29:51 ----D---- C:\Windows\PCHEALTH
2013-01-31 17:29:50 ----D---- C:\Program Files\Microsoft Sync Framework
2013-01-31 17:29:50 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2013-01-31 17:28:24 ----D---- C:\Program Files\Microsoft Visual Studio 8
2013-01-31 17:26:45 ----D---- C:\Program Files\Microsoft Analysis Services
2013-01-31 17:25:45 ----D---- C:\ProgramData\Microsoft Help
2013-01-31 17:25:01 ----RD---- C:\MSOCache
2013-01-30 16:59:19 ----D---- C:\Users\Uživatel\AppData\Roaming\Publish Providers
2013-01-27 18:16:58 ----D---- C:\Users\Uživatel\AppData\Roaming\Sony
2013-01-27 18:13:10 ----D---- C:\ProgramData\Sony
2013-01-27 18:12:48 ----D---- C:\Program Files\Sony
2013-01-27 17:29:49 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-01-27 17:29:49 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-01-27 17:29:43 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-01-27 17:29:42 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-01-27 17:29:40 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-01-27 17:29:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-01-27 17:28:57 ----A---- C:\Windows\avastSS.scr
2013-01-27 17:28:54 ----A---- C:\Windows\system32\aswBoot.exe
2013-01-27 17:28:26 ----D---- C:\ProgramData\AVAST Software
2013-01-27 17:28:26 ----D---- C:\Program Files\AVAST Software
2013-01-26 10:36:34 ----D---- C:\Program Files\MSI Kombustor 2.5
2013-01-26 10:27:17 ----D---- C:\Program Files\MSI Afterburner
2013-01-25 11:02:47 ----RD---- C:\Program Files\Skype
2013-01-25 11:02:47 ----D---- C:\Program Files\Common Files\Skype
2013-01-24 12:17:19 ----RASH---- C:\MSDOS.SYS
2013-01-24 12:17:19 ----RASH---- C:\IO.SYS
2013-01-24 11:32:26 ----D---- C:\Program Files\VirtualDJ
2013-01-23 16:22:47 ----D---- C:\Program Files\BitTorrent
2013-01-23 16:22:05 ----D---- C:\Users\Uživatel\AppData\Roaming\BitTorrent
2013-01-21 17:13:54 ----D---- C:\ProgramData\Electronic Arts
2013-01-21 16:39:54 ----D---- C:\Program Files\Microsoft WSE
2013-01-21 16:25:53 ----D---- C:\Program Files\Electronic Arts
2013-01-20 17:53:05 ----D---- C:\ProgramData\AVG Security Toolbar
2013-01-20 17:53:02 ----D---- C:\ProgramData\AVG Secure Search
2013-01-20 17:52:50 ----A---- C:\Windows\system32\drivers\avgtpx86.sys
2013-01-20 17:52:46 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-01-20 17:52:44 ----D---- C:\Program Files\AVG Secure Search
2013-01-20 17:45:04 ----D---- C:\ProgramData\AVG January 2013 Campaign
2013-01-20 13:10:03 ----D---- C:\ProgramData\Orbit
2013-01-19 21:00:20 ----D---- C:\Program Files\Counter-Strike 1.6
2013-01-19 20:52:52 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-01-19 16:34:00 ----D---- C:\Program Files\Mixxx
2013-01-19 16:24:48 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-01-19 16:24:48 ----A---- C:\Windows\system32\javaw.exe
2013-01-19 16:24:48 ----A---- C:\Windows\system32\java.exe
2013-01-18 16:23:50 ----A---- C:\Windows\system32\msvcr100.dll
2013-01-18 16:23:50 ----A---- C:\Windows\system32\msvcp100.dll
2013-01-17 17:03:27 ----D---- C:\Users\Uživatel\AppData\Roaming\Leadertech
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvwgf2um.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvopencl.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvoglv32.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvdispgenco32.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvdispco32.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvd3dum.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvcuvid.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvcuda.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\nvcompiler.dll
2013-01-17 16:09:35 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-01-17 15:35:39 ----D---- C:\Program Files\EA Sports
2013-01-11 16:42:16 ----D---- C:\Users\Uživatel\AppData\Roaming\Notepad++
2013-01-11 16:42:16 ----D---- C:\Program Files\Notepad++
2013-01-10 20:02:42 ----D---- C:\Program Files\MSXML 4.0
2013-01-09 13:51:54 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 13:51:53 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 13:51:50 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 13:51:39 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 13:51:35 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 13:51:35 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 13:51:35 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 13:51:35 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 13:51:35 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 13:51:17 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 13:51:16 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 13:51:08 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 13:51:07 ----A---- C:\Windows\system32\taskhost.exe
2013-01-07 16:43:55 ----A---- C:\Windows\system32\FntCache.dll
2013-01-07 16:43:54 ----A---- C:\Windows\system32\d2d1.dll
2013-01-07 16:21:40 ----D---- C:\Users\Uživatel\AppData\Roaming\Ubisoft
2013-01-07 16:09:36 ----D---- C:\ProgramData\Ubisoft
2013-01-07 15:58:03 ----D---- C:\Program Files\Ubisoft
2013-01-07 15:57:38 ----D---- C:\Users\Uživatel\AppData\Roaming\InstallShield
2013-01-06 12:14:17 ----HD---- C:\Program Files\Common Files\EAInstaller
2013-01-06 12:14:06 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-01-06 12:14:06 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-01-06 12:14:05 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-01-04 20:08:59 ----D---- C:\Program Files\Clownfish

======List of files/folders modified in the last 1 month======

2013-02-03 19:06:17 ----RD---- C:\Program Files
2013-02-03 18:12:48 ----D---- C:\Windows
2013-02-03 18:11:23 ----A---- C:\Windows\system.ini
2013-02-03 18:11:17 ----D---- C:\Windows\system32\drivers\etc
2013-02-03 18:07:56 ----D---- C:\Windows\system32\drivers
2013-02-03 18:07:56 ----D---- C:\Windows\System32
2013-02-03 18:07:56 ----D---- C:\Windows\AppPatch
2013-02-03 18:07:54 ----D---- C:\Program Files\Common Files
2013-02-03 18:01:15 ----D---- C:\Windows\Prefetch
2013-02-03 18:00:20 ----SHD---- C:\System Volume Information
2013-02-03 17:59:04 ----D---- C:\ProgramData
2013-02-03 17:46:09 ----D---- C:\Users\Uživatel\AppData\Roaming\Skype
2013-02-03 17:36:43 ----D---- C:\ProgramData\NVIDIA
2013-02-01 20:32:48 ----D---- C:\Windows\system32\config
2013-02-01 20:17:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-01 20:17:31 ----D---- C:\Windows\inf
2013-02-01 14:22:11 ----SHD---- C:\Windows\Installer
2013-02-01 14:19:01 ----D---- C:\Program Files\Common Files\System
2013-02-01 14:19:01 ----A---- C:\Windows\win.ini
2013-02-01 14:05:06 ----D---- C:\Users\Uživatel\AppData\Roaming\.minecraft
2013-02-01 12:23:13 ----D---- C:\Windows\Microsoft.NET
2013-02-01 12:22:53 ----RSD---- C:\Windows\assembly
2013-01-31 21:10:33 ----D---- C:\Windows\winsxs
2013-01-31 17:45:04 ----D---- C:\Windows\system32\Tasks
2013-01-31 17:44:06 ----SD---- C:\Users\Uživatel\AppData\Roaming\Microsoft
2013-01-31 17:32:07 ----RSD---- C:\Windows\Fonts
2013-01-31 17:31:44 ----D---- C:\Windows\ShellNew
2013-01-31 17:31:38 ----D---- C:\Program Files\Common Files\microsoft shared
2013-01-31 17:31:25 ----D---- C:\Program Files\MSBuild
2013-01-31 17:29:51 ----SD---- C:\ProgramData\Microsoft
2013-01-31 17:29:50 ----D---- C:\Program Files\Microsoft.NET
2013-01-30 16:24:48 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-29 17:43:35 ----D---- C:\ProgramData\MFAData
2013-01-27 17:48:35 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-01-27 17:47:30 ----D---- C:\Program Files\Common Files\Adobe
2013-01-26 10:27:52 ----D---- C:\Windows\system32\directx
2013-01-26 10:27:43 ----HD---- C:\Windows\msdownld.tmp
2013-01-26 10:16:13 ----D---- C:\Program Files\EA Games
2013-01-25 11:02:55 ----D---- C:\ProgramData\Skype
2013-01-24 20:26:56 ----D---- C:\Program Files\2K Games
2013-01-23 16:24:01 ----D---- C:\Users\Uživatel\AppData\Roaming\uTorrent
2013-01-23 16:12:31 ----D---- C:\Windows\system32\wdi
2013-01-20 17:47:00 ----D---- C:\Windows\Tasks
2013-01-20 12:50:14 ----D---- C:\Windows\system32\catroot2
2013-01-19 16:33:27 ----D---- C:\Windows\system32\en-US
2013-01-19 16:33:26 ----D---- C:\Windows\system32\pt-PT
2013-01-19 16:33:26 ----D---- C:\Windows\system32\pt-BR
2013-01-19 16:33:26 ----D---- C:\Windows\system32\nl-NL
2013-01-19 16:33:26 ----D---- C:\Windows\system32\it-IT
2013-01-19 16:33:26 ----D---- C:\Windows\system32\fr-FR
2013-01-19 16:33:26 ----D---- C:\Windows\system32\es-ES
2013-01-19 16:33:26 ----D---- C:\Windows\system32\drivers\UMDF
2013-01-19 16:33:26 ----D---- C:\Windows\system32\de-DE
2013-01-19 16:33:19 ----D---- C:\Windows\system32\catroot
2013-01-19 16:33:18 ----D---- C:\Windows\system32\DriverStore
2013-01-19 16:24:48 ----D---- C:\Program Files\Java
2013-01-17 16:12:30 ----D---- C:\Program Files\NVIDIA Corporation
2013-01-17 01:28:58 ----N---- C:\Windows\system32\MpSigStub.exe
2013-01-10 20:01:26 ----D---- C:\Windows\rescache
2013-01-09 17:42:21 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 15:36:15 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 15:28:13 ----D---- C:\Program Files\Microsoft Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-01-20 31576]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-22 242240]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-18 45184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-07-03 149352]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 32408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\UIVATE~1\AppData\Local\Temp\catchme.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter_hs.sys [2011-03-07 15896]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 winusb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2010-11-20 35968]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\Windows\system32\DRIVERS\zghsmdm.sys [2011-03-07 113432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 639928]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-02-01 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-20 945328]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-22 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-22 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-22 1343400]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus

#4 Post by Rudy »

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\AutoKMS.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Uživatel\46357865364647353
c:\program files\Microsoft Office

:Regnull
[HKEY_USERS\S-1-5-21-1960281371-784375549-2458736988-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

pochec
Visitor
Posts: 4
Registered: 03 Feb 2013 18:22

Re: Facebook virus

#5 Post by pochec »

Thank you, LOCK

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus

#6 Post by Rudy »

The PC is not fully cleaned yet. But as you wish. You're welcome!

Locked