nalezena hrozba prosím o kontrolu

Zpráva

jarda.otta · #1 Příspěvek od **jarda.otta** » 24 bře 2013 12:42

Dobrý den. Začnu popořádku. Dnes jsem si stáhl film z netu a po spuštění tam žádný film nebyl jen nějaká hláška velkým červeným písmem a přehrálo se to za cca 10 vteřin. Film má název, příponu avi a velikost 700 mb. Po kliknutí na přehrání nahlasil Avast hrozbu. To už ale asi bylo pozdě.Tak jsem to dal do karantény. A teˇdruhá možná souvislost. Hodinu poté jsem dostal od kamaráda novou flešku 128 gb ktero zakoupil na ebay odněkat z taiwanu. Začal jsem na ní kopírovat soubory z mé menší flešky a najednou to nahlásilo chyba nějakého kódu. Má fleška má velikost 32 gb a na té nové to vytvořilo hrozný zmatek a nečitelné soubory prapodivných znaků. Například složka obrázky ve které jsem měl cca 10 mb obrázků je na no vé flešce vykazována jako s 70 gb velikostí, ale v ní je jen pár znaků o nulových velikostech. O všechna data jsem přišel protože jsem dal vyjmout a přenést. Dal jsem test přenosných medií a Avast našel na té nové flešce win32:rootkit-gen(rtk). Tak nevím jestli je to nějaká souvislost s tím staženým filmem který vlastně filmem nebyl, nebo na té nové flešce z toho taiwanu už nebyl nějaký virus. Zde dávám rsit a děkuji za pomoc.
Logfile of random's system information tool 1.09 (written by random/random)
Run by jaris at 2013-03-24 12:27:25
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 6 GB (2%) free of 297 GB
Total RAM: 2047 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:38, on 24.3.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 11\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\jaris\Desktop\RSIT.exe
C:\Program Files\trend micro\jaris.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: soubor.cmd
O4 - Global Startup: Snagit 11.lnk = C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate1c9e9c6e1469ee0) (gupdate1c9e9c6e1469ee0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kingsoft Core Service (kxescore) - Unknown owner - c:\program files\kingsoft\kingsoft antivirus\kxescore.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Samsung UPD Service2 - Samsung Electronics - C:\Windows\System32\SUPDSvc2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 7759 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0lzvb.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15, {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.8.1, {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, {563e4790-7e70-11da-a72b-0800200c9a66}:0.9f, {338e0b96-2285-4424-b4c8-e25560750fa3}:2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26, {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.77"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kingsfot.com/npkws]
"Description"=npkws
"Path"=C:\Program Files\kingsoft\kingsoft antivirus\npkws.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666]
"Description"=12.0.1.666
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{f23b61a2-e957-7574-6ab2-e5478fa38656}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npqtplugin8.dll
nprjplug.dll
nprpjplug.dll
nprpplugin.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0lzvb.default\extensions\
nostmp
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{563e4790-7e70-11da-a72b-0800200c9a66}
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
{AA994882-F391-4d2e-806F-8908DA4814ED}-trash
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(237)
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0lzvb.default\searchplugins\
doplky-pro-firefox.xml
pdf-search.xml
vyhledvn-vide-ve-slub-youtube.xml
{688B6F2A-6679-4CEB-A689-3D7DC9DD441E}.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96372AB6-15EB-4316-B497-71C741BC548C}]
Easy Gif Animator Toolbar Helper - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll [2012-10-29 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-07 6756048]
"gbrspcontrol"=C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2013-01-15 1851088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2013-03-18 367016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-09-04 148760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2007-09-10 1962216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Christmas Gift]
C:\Users\jaris\Downloads\xmas-2012tree\ChristmasGift.exe [2011-11-24 641024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Christmas spirit]
C:\Users\jaris\Downloads\xmas-2012tree\ChristmasSpirit.exe [2011-11-24 483840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
C:\Users\jaris\Downloads\xmas-2012tree\Christmas.exe [2011-11-24 494080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deluxe Tree]
C:\Users\jaris\Downloads\xmas-2012tree\Deluxe Christmas Tree.exe [2011-11-24 559104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\deskTannenbaum]
C:\Users\jaris\Downloads\xmas-2012tree\Desktop Tannenbaum.exe [2011-11-24 573440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-09-10 1188152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2012-11-13 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-01 1263512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTree]
C:\Users\jaris\Downloads\xmas-2012tree\eTree.exe [2011-11-24 667648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeXmasTree]
C:\Users\jaris\Downloads\xmas-2012tree\FreeXmasTree.exe [2011-11-24 623616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetChristmas]
C:\Users\jaris\Downloads\xmas-2012tree\GetChristmas.exe [2011-11-24 530432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files\Google\Drive\googledrivesync.exe [2013-03-07 19357112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Happy Christmas]
C:\Users\jaris\Downloads\xmas-2012tree\HappyChristmas.exe [2011-11-24 613888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Regenerator]
C:\Program Files\HDD Regenerator\HDD Regenerator.exe [2010-10-14 4249872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Little Tree]
C:\Users\jaris\Downloads\xmas-2012tree\LittleTree.exe [2011-11-24 603648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Xmas Tree]
C:\Users\jaris\Downloads\xmas-2012tree\LiveXmasTree.exe [2011-11-24 498176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveChristmasTree]
C:\Users\jaris\Downloads\xmas-2012tree\LiveChristmasTree.exe [2011-11-24 570880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magic Tree]
C:\Users\jaris\Downloads\xmas-2012tree\Desktop Magic Tree.exe [2011-11-24 571904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plasticine Tree]
C:\Users\jaris\Downloads\xmas-2012tree\Plasticine Christmas Tree.exe [2011-11-24 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainbow Tree]
C:\Users\jaris\Downloads\xmas-2012tree\RainbowTree.exe [2011-11-24 669696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Christmas Tree]
C:\Users\jaris\Downloads\xmas-2012tree\Red Christmas Tree.exe [2011-11-24 538624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-03-28 10029672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Star Tree]
C:\Users\jaris\Downloads\xmas-2012tree\StarTree.exe [2011-11-26 685056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-10-08 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-12-04 296096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\Windows\vVX3000.exe [2010-05-20 762736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Christmas Tree]
C:\Users\jaris\Downloads\xmas-2012tree\WinChristmasTree.exe [2011-11-24 501760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xmas Tree]
C:\Users\jaris\Downloads\xmas-2012tree\Xmas Tree.exe [2011-11-24 539136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
C:\PROGRA~1\Secunia\PSI\psi_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^soubor.cmd]
C:\Users\jaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soubor.cmd [2013-02-28 151]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snagit 11.lnk - C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
Start GeekBuddy.lnk - C:\Program Files\Comodo\GeekBuddy\launcher.exe

C:\Users\jaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
soubor.cmd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fsproflt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=0
"NoDriveTypeAutoRun"=153
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=153
"HonorAutoRunSetting"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.sl_anet"=sl_anet.acm
"msacm.divxa32"=divxa32.acm
"vidc.mjpg"=pvmjpg30.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.MPG4"=MPG4c32.dll
"vidc.MP42"=MPG4c32.dll
"vidc.MP43"=MPG4c32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-03-24 11:41:50 ----A---- C:\AdwCleaner[S5].txt
2013-03-22 07:46:21 ----SHD---- C:\$RECYCLE.BIN
2013-03-21 18:51:54 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-03-21 15:45:47 ----SD---- C:\32788R22FWJFW
2013-03-20 15:34:40 ----SHD---- C:\Config.Msi
2013-03-19 22:30:32 ----A---- C:\ComboFix.txt
2013-03-19 22:12:34 ----D---- C:\Windows\temp
2013-03-19 21:46:04 ----D---- C:\Windows\erdnt
2013-03-19 11:23:04 ----D---- C:\Program Files\GIF Viewer
2013-03-18 07:20:01 ----D---- C:\Program Files\IncrediMail
2013-03-14 18:03:00 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-14 18:02:58 ----A---- C:\Windows\system32\vbscript.dll
2013-03-14 18:02:57 ----A---- C:\Windows\system32\ieui.dll
2013-03-14 18:02:55 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-14 18:02:55 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-14 18:02:54 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-14 18:02:52 ----A---- C:\Windows\system32\wininet.dll
2013-03-14 18:02:52 ----A---- C:\Windows\system32\jscript.dll
2013-03-14 18:02:49 ----A---- C:\Windows\system32\jscript9.dll
2013-03-14 18:02:48 ----A---- C:\Windows\system32\url.dll
2013-03-14 18:02:46 ----A---- C:\Windows\system32\iertutil.dll
2013-03-14 18:02:40 ----A---- C:\Windows\system32\urlmon.dll
2013-03-14 18:02:37 ----A---- C:\Windows\system32\mshtml.dll
2013-03-14 18:02:31 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 17:27:40 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-13 17:27:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-12 20:26:44 ----A---- C:\Windows\system32\certsentry.dll
2013-03-12 10:09:30 ----D---- C:\Program Files\IVT Corporation
2013-03-08 09:30:03 ----D---- C:\ProgramData\Samsung
2013-03-08 09:25:19 ----N---- C:\Windows\TotalUninstaller.exe
2013-03-08 09:25:19 ----N---- C:\Windows\gdiplus.dll
2013-03-08 09:25:18 ----D---- C:\Program Files\Samsung
2013-03-08 09:21:30 ----A---- C:\Windows\system32\UPDIO2.dll
2013-03-08 09:21:30 ----A---- C:\Windows\system32\SUPDSvcA2.dll
2013-03-08 09:20:55 ----A---- C:\Windows\system32\SUPDSvc2.exe
2013-03-08 09:20:54 ----A---- C:\Windows\system32\SUPDRun.exe
2013-03-08 09:20:51 ----A---- C:\Windows\system32\spd__ci.exe
2013-03-06 09:14:28 ----D---- C:\Program Files\Microsoft Office Labs
2013-03-04 17:51:07 ----A---- C:\Windows\ntbtlog.txt
2013-03-03 14:20:23 ----D---- C:\_OTM
2013-03-02 16:50:49 ----A---- C:\AdwCleaner[S3].txt
2013-03-02 08:56:23 ----D---- C:\rsit
2013-03-01 13:53:14 ----A---- C:\Windows\NeroDigital.ini
2013-03-01 13:49:50 ----D---- C:\Program Files\Xenocode
2013-02-28 08:41:47 ----D---- C:\Program Files\Mozilla Firefox
2013-02-26 19:28:55 ----A---- C:\AdwCleaner[S2].txt
2013-02-26 19:25:51 ----A---- C:\AdwCleaner[R6].txt
2013-02-26 19:24:44 ----A---- C:\AdwCleaner[R5].txt

======List of files/folders modified in the last 1 month======

2013-03-24 12:27:53 ----D---- C:\Program Files\trend micro
2013-03-24 12:20:58 ----D---- C:\Windows\system32\drivers
2013-03-24 11:55:51 ----D---- C:\Windows\Prefetch
2013-03-24 11:51:48 ----D---- C:\Users\jaris\AppData\Roaming\LangSoft
2013-03-24 11:48:47 ----D---- C:\ProgramData\NVIDIA
2013-03-24 11:25:27 ----D---- C:\Users\jaris\AppData\Roaming\Skype
2013-03-24 09:54:59 ----D---- C:\Windows\inf
2013-03-24 09:54:59 ----AD---- C:\Windows\System32
2013-03-24 09:54:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-24 07:21:52 ----D---- C:\Users\jaris\AppData\Roaming\uTorrent
2013-03-24 00:02:43 ----SHD---- C:\System Volume Information
2013-03-22 18:17:06 ----AD---- C:\Windows
2013-03-22 18:00:40 ----D---- C:\Windows\winsxs
2013-03-21 18:49:07 ----D---- C:\Windows\system32\catroot
2013-03-21 18:14:44 ----D---- C:\Users\jaris\AppData\Roaming\XnView
2013-03-21 18:13:56 ----D---- C:\Users\jaris\AppData\Roaming\SWF.max
2013-03-21 00:00:44 ----D---- C:\Windows\system32\catroot2
2013-03-20 15:35:12 ----SHD---- C:\Windows\Installer
2013-03-19 22:20:12 ----A---- C:\Windows\system.ini
2013-03-19 22:19:39 ----D---- C:\Windows\system32\drivers\etc
2013-03-19 22:15:52 ----D---- C:\Windows\schemas
2013-03-19 22:04:43 ----D---- C:\Windows\AppPatch
2013-03-19 22:04:41 ----D---- C:\Program Files\Common Files
2013-03-19 11:23:04 ----RD---- C:\Program Files
2013-03-18 08:56:14 ----D---- C:\Program Files\Common Files\Apple
2013-03-15 09:48:14 ----D---- C:\Program Files\Xilisoft
2013-03-15 08:50:29 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-03-15 08:38:37 ----D---- C:\Windows\system32\Tasks
2013-03-15 08:38:36 ----D---- C:\Windows\Tasks
2013-03-15 08:15:15 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-14 19:00:28 ----D---- C:\Windows\system32\migration
2013-03-14 19:00:27 ----D---- C:\Program Files\Internet Explorer
2013-03-14 18:09:44 ----D---- C:\Windows\Debug
2013-03-14 18:09:37 ----A---- C:\Windows\system32\mrt.exe
2013-03-14 18:09:16 ----D---- C:\ProgramData\Microsoft Help
2013-03-14 11:21:34 ----D---- C:\Program Files\rajce
2013-03-12 20:26:06 ----D---- C:\Program Files\Comodo
2013-03-12 11:47:12 ----D---- C:\Users\jaris\AppData\Roaming\Passport Photo Studio
2013-03-12 11:09:13 ----D---- C:\ProgramData\Bluetooth
2013-03-12 10:34:32 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-09 16:23:14 ----D---- C:\Users\jaris\AppData\Roaming\Mozilla
2013-03-08 09:30:03 ----D---- C:\ProgramData
2013-03-07 14:48:28 ----D---- C:\Program Files\Google
2013-03-07 13:32:18 ----D---- C:\TRANSLAT
2013-03-07 13:31:33 ----D---- C:\ProgramData\LangSoft
2013-03-07 00:32:42 ----A---- C:\Windows\system32\aswBoot.exe
2013-03-06 13:56:08 ----RSD---- C:\Windows\Fonts
2013-03-06 08:46:43 ----D---- C:\SOWTWARE
2013-03-03 15:06:03 ----D---- C:\Program Files\IncredimailBackup
2013-03-02 16:33:26 ----D---- C:\Windows\system32\wbem
2013-03-02 16:32:08 ----D---- C:\Windows\system32\config
2013-03-02 16:31:30 ----D---- C:\Windows\system32\spool
2013-03-02 16:31:25 ----D---- C:\Windows\registration
2013-03-02 13:40:38 ----SD---- C:\Users\jaris\AppData\Roaming\Microsoft
2013-03-02 12:54:05 ----D---- C:\ProgramData\Comodo
2013-02-26 17:46:05 ----D---- C:\Users\jaris\AppData\Roaming\Audacity
2013-02-26 17:07:06 ----D---- C:\Users\jaris\AppData\Roaming\OpenWith.org Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 kavbootc;kavbootc; C:\Windows\system32\drivers\kavbootc.sys [2013-01-31 27240]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-01-10 120992]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2012-01-10 400864]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys [2012-09-03 35064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2012-11-07 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2012-11-07 42264]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2012-11-07 82952]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 66336]
R2 kisknl;kisknl; \??\C:\Windows\system32\drivers\kisknl.sys [2013-01-31 178488]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2012-01-10 32768]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-04-06 3464104]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-10-10 10837352]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2011-04-15 30088]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-29 197224]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2011-02-22 319592]
R3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys [2010-05-20 1961328]
S0 amnatw;amnatw; C:\Windows\System32\drivers\jjtj.sys []
S0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys []
S0 bugsmtx;bugsmtx; C:\Windows\System32\drivers\tgis.sys []
S1 KDHacker;KDHacker; \??\c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys []
S2 CXIR;Conexant Polaris IR Transceiver; C:\Windows\system32\drivers\cxcir.sys []
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CXPOLARIS;Conexant Polaris Video Capture; C:\Windows\system32\drivers\cxpolaris.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FlyPCI;FlyPCI; \??\C:\Windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 ksapi;ksapi; \??\C:\Windows\system32\drivers\ksapi.sys [2013-01-31 83304]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-04-15 47360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB; C:\Windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 rockusb;Driver for rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 CLPSLauncher;COMODO LPS Launcher; C:\Program Files\Common Files\COMODO\launcher_service.exe [2013-02-14 70352]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-07 1990464]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2013-03-12 2074768]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2010-04-06 116224]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 GeekBuddyRSP;GeekBuddyRSP Service; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2013-01-15 1851088]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\Windows\system32\lxczcoms.exe [2007-04-19 537520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9e9c6e1469ee0;Služba Google Update (gupdate1c9e9c6e1469ee0); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-10 116648]
S2 kxescore;Kingsoft Core Service; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe /service kxescore []
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 253656]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-26 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-10 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-09 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service2;Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [2012-04-06 129536]
S3 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-09-04 410904]
S4 AtomicAlarmClock;Atomic Alarm Clock Time; C:\Program Files\Clock Tray Skins\timeserv.exe [2008-09-29 415744]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S4 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 24 bře 2013 13:21

Zdravím!
Na tu flešku pusťte USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=102308 . Pak dejte z PC log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

jarda.otta · #3 Příspěvek od **jarda.otta** » 25 bře 2013 08:00

Ale jak spustím combofix na flešku když ho dám na plochu tak mě začne skenovat disk c. nebo skénuje i zapojená zařízení jako třeba i tu flešku?

#4 Příspěvek od **Rudy** » 25 bře 2013 18:03

Pochopitelně. CF je od toho, aby disk proskenoval a vytáhl z něj šmejdy.

jarda.otta · #5 Příspěvek od **jarda.otta** » 28 bře 2013 14:52

Omlouvám se za zpoždění.Tu flešku jsem předem naformátoval. jedná se mě o Comp. Díky. Zde log

ComboFix 13-03-27.01 - jaris 28.03.2013 14:21:41.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.980 [GMT 1:00]
Spuštěný z: c:\users\jaris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-28 13:38 . 2013-03-28 13:38 -------- d-----w- c:\users\jaris\AppData\Local\temp
2013-03-28 09:22 . 2013-03-28 09:22 -------- d-----w- c:\program files\Common Files\Skype
2013-03-26 15:13 . 2013-03-26 15:13 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E1019A-D895-4BF2-9D64-C1D48DA8ED4A}\offreg.dll
2013-03-26 14:43 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E1019A-D895-4BF2-9D64-C1D48DA8ED4A}\mpengine.dll
2013-03-21 17:51 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 17:17 . 2013-03-27 13:38 -------- d-----w- c:\users\jaris\AppData\Local\GHISLER
2013-03-20 14:34 . 2013-03-20 14:34 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-03-19 10:24 . 2013-03-19 10:24 -------- d-----w- c:\users\jaris\AppData\Local\Stefan_Wobbe
2013-03-19 10:23 . 2013-03-19 10:23 -------- d-----w- c:\program files\GIF Viewer
2013-03-18 07:56 . 2013-03-18 07:56 -------- d-----w- c:\users\jaris\AppData\Local\Apple
2013-03-18 07:20 . 2013-03-18 07:20 -------- d-----w- c:\users\jaris\AppData\Local\Apple Computer
2013-03-18 06:20 . 2013-03-18 06:23 -------- d-----w- c:\users\jaris\AppData\Local\IM
2013-03-18 06:20 . 2013-03-18 06:20 -------- d-----w- c:\program files\IncrediMail
2013-03-15 09:06 . 2013-03-15 09:06 -------- d-----w- c:\users\jaris\AppData\Local\Microsoft Help
2013-03-14 17:03 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-13 16:27 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-13 16:27 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-12 19:26 . 2013-03-12 19:26 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-03-12 09:09 . 2013-03-12 09:09 -------- d-----w- c:\program files\IVT Corporation
2013-03-08 08:30 . 2013-03-08 08:30 -------- d-----w- c:\programdata\Samsung
2013-03-08 08:25 . 2012-05-25 08:26 1558432 ------w- c:\windows\TotalUninstaller.exe
2013-03-08 08:25 . 2009-03-12 01:54 1724416 ------w- c:\windows\gdiplus.dll
2013-03-08 08:25 . 2013-03-08 08:25 -------- d-----w- c:\program files\Samsung
2013-03-08 08:21 . 2012-04-05 23:46 310272 ----a-w- c:\windows\system32\UPDIO2.dll
2013-03-08 08:21 . 2012-04-05 23:45 135168 ----a-w- c:\windows\system32\SUPDSvcA2.dll
2013-03-08 08:20 . 2012-04-05 23:45 129536 ----a-w- c:\windows\system32\SUPDSvc2.exe
2013-03-08 08:20 . 2012-04-05 23:46 254464 ----a-w- c:\windows\system32\SUPDRun.exe
2013-03-08 08:20 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe
2013-03-07 14:05 . 2013-03-12 11:27 -------- d-s---w- c:\users\jaris\Disk Google
2013-03-06 10:16 . 2013-03-06 10:16 -------- d-----w- c:\users\jaris\AppData\Local\Windows Live Writer
2013-03-06 08:14 . 2013-03-06 08:14 -------- d-----w- c:\program files\Microsoft Office Labs
2013-03-04 10:07 . 2013-03-04 14:44 -------- d-----w- c:\users\jaris\AppData\Local\ElevatedDiagnostics
2013-03-04 08:54 . 2013-03-04 08:54 -------- d-----w- c:\users\jaris\AppData\Local\Zoner
2013-03-04 07:42 . 2013-03-21 17:12 -------- d-----w- c:\users\jaris\AppData\Local\CrashDumps
2013-03-03 13:20 . 2013-03-03 13:20 -------- d-----w- C:\_OTM
2013-03-03 12:32 . 2013-03-03 14:03 -------- d-----w- c:\users\jaris\zálohy
2013-03-02 17:21 . 2013-03-02 17:21 -------- d-----w- c:\users\jaris\AppData\Local\VS Revo Group
2013-03-02 14:57 . 2013-03-02 14:57 -------- d-----w- c:\users\jaris\AppData\Local\ArcSoft
2013-03-02 14:27 . 2013-03-02 14:27 -------- d-----w- c:\users\jaris\AppData\Local\Macromedia
2013-03-02 14:27 . 2013-03-02 14:27 -------- d-----w- c:\users\jaris\AppData\Local\Mozilla
2013-03-02 07:56 . 2013-03-02 07:56 -------- d-----w- C:\rsit
2013-03-02 06:40 . 2013-03-02 15:31 -------- d-----w- c:\users\jaris\AppData\Local\fontconfig
2013-03-01 12:49 . 2013-03-01 12:49 -------- d-----w- c:\program files\Xenocode
2013-03-01 12:28 . 2013-03-01 12:28 -------- d-----w- c:\users\jaris\Impostazioni locali
2013-02-28 08:04 . 2013-02-28 07:56 151 ----a-w- c:\users\jaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soubor.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 07:50 . 2013-02-08 07:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 07:50 . 2013-02-08 07:10 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2011-05-05 10:36 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-05-05 10:36 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-05-05 10:36 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2011-05-05 10:36 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-05-05 10:36 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2011-05-05 10:36 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2011-05-05 10:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-05-05 10:36 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-12 13:29 . 2013-02-12 13:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-12 13:29 . 2012-11-11 07:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-12 13:29 . 2010-04-16 16:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-31 16:24 . 2013-01-31 16:24 24472 ----a-w- c:\windows\system32\drivers\bc.sys
2013-01-31 16:24 . 2013-01-31 16:24 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
2013-01-31 16:24 . 2013-01-31 16:24 166776 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
2013-01-31 16:24 . 2013-01-31 16:24 127992 ----a-w- c:\windows\system32\drivers\kdhacker.sys
2013-01-31 16:24 . 2013-01-31 16:24 83304 ----a-w- c:\windows\system32\drivers\ksapi.sys
2013-01-31 16:24 . 2013-01-31 16:24 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
2013-01-31 16:24 . 2013-01-31 16:24 27240 ----a-w- c:\windows\system32\drivers\kavbootc.sys
2013-01-31 16:24 . 2013-01-31 16:24 178488 ----a-w- c:\windows\system32\drivers\kisknl.sys
2013-01-31 16:24 . 2013-01-31 14:22 18296 ----a-w- c:\windows\system32\drivers\kusbquery64.sys
2013-01-31 16:24 . 2013-01-31 14:22 14200 ----a-w- c:\windows\system32\drivers\kusbquery.sys
2013-01-25 14:31 . 2013-01-25 14:34 2494464 ----a-w- c:\windows\system32\advrcntr2.dll
2013-01-22 16:45 . 2009-04-15 20:54 47360 ----a-w- c:\users\jaris\AppData\Roaming\pcouffin.sys
2013-01-17 00:28 . 2010-03-15 21:23 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:26 . 2013-02-13 10:47 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:26 . 2013-02-13 10:47 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 11:28 . 2013-02-13 10:48 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-13 10:48 2048512 ----a-w- c:\windows\system32\win32k.sys
2003-02-21 03:42 . 2003-02-21 03:42 348160 ----a-w- c:\program files\msvcr71.dll
2002-07-28 22:40 . 2007-05-22 15:20 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
2001-09-28 16:00 . 2009-06-19 23:19 243200 ----a-w- c:\program files\UNWISE.EXE
2013-03-09 15:19 . 2013-02-28 07:41 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2013-03-18 367016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-01-15 1851088]
.
c:\users\jaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
soubor.cmd [2013-2-28 151]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-1-23 8873376]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2013-2-14 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^soubor.cmd]
path=c:\users\jaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soubor.cmd
backup=c:\windows\pss\soubor.cmd.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-04 10:59 148760 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-10 12:46 1962216 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-09-10 12:43 1188152 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-01 17:56 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2013-03-07 15:31 19357112 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Regenerator]
2010-10-14 21:48 4249872 ----a-w- c:\program files\HDD Regenerator\HDD Regenerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-03-28 14:29 10029672 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-10-08 17:59 122880 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-04 17:12 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2010-05-20 13:27 762736 ----a-w- c:\windows\vVX3000.exe
.
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - EXFAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-28 03:50 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 07:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0lzvb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-07 18:43; translator@zoli.bod; c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\jgh0lzvb.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2013-03-28 10:24; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Christmas Gift - c:\users\jaris\Downloads\xmas-2012tree\ChristmasGift.exe
MSConfigStartUp-Christmas spirit - c:\users\jaris\Downloads\xmas-2012tree\ChristmasSpirit.exe
MSConfigStartUp-ChristmasTree - c:\users\jaris\Downloads\xmas-2012tree\Christmas.exe
MSConfigStartUp-Deluxe Tree - c:\users\jaris\Downloads\xmas-2012tree\Deluxe Christmas Tree.exe
MSConfigStartUp-deskTannenbaum - c:\users\jaris\Downloads\xmas-2012tree\Desktop Tannenbaum.exe
MSConfigStartUp-eTree - c:\users\jaris\Downloads\xmas-2012tree\eTree.exe
MSConfigStartUp-FreeXmasTree - c:\users\jaris\Downloads\xmas-2012tree\FreeXmasTree.exe
MSConfigStartUp-GetChristmas - c:\users\jaris\Downloads\xmas-2012tree\GetChristmas.exe
MSConfigStartUp-Happy Christmas - c:\users\jaris\Downloads\xmas-2012tree\HappyChristmas.exe
MSConfigStartUp-Little Tree - c:\users\jaris\Downloads\xmas-2012tree\LittleTree.exe
MSConfigStartUp-Live Xmas Tree - c:\users\jaris\Downloads\xmas-2012tree\LiveXmasTree.exe
MSConfigStartUp-LiveChristmasTree - c:\users\jaris\Downloads\xmas-2012tree\LiveChristmasTree.exe
MSConfigStartUp-Magic Tree - c:\users\jaris\Downloads\xmas-2012tree\Desktop Magic Tree.exe
MSConfigStartUp-Plasticine Tree - c:\users\jaris\Downloads\xmas-2012tree\Plasticine Christmas Tree.exe
MSConfigStartUp-Rainbow Tree - c:\users\jaris\Downloads\xmas-2012tree\RainbowTree.exe
MSConfigStartUp-Red Christmas Tree - c:\users\jaris\Downloads\xmas-2012tree\Red Christmas Tree.exe
MSConfigStartUp-Star Tree - c:\users\jaris\Downloads\xmas-2012tree\StarTree.exe
MSConfigStartUp-Win Christmas Tree - c:\users\jaris\Downloads\xmas-2012tree\WinChristmasTree.exe
MSConfigStartUp-Xmas Tree - c:\users\jaris\Downloads\xmas-2012tree\Xmas Tree.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-28 14:38
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{00011268-E188-40DF-A514-835FCD78B1BF}"=hex:51,66,7a,6c,4c,1d,38,12,06,11,12,
04,ba,af,b1,05,da,02,c0,1f,c8,26,f5,ab
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,
b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dc,14,6d,6e,78,ab,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,10,e1,2e,45,8d,42,44,b7,64,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,10,e1,2e,45,8d,42,44,b7,64,49,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2013-03-28 14:43:18
ComboFix-quarantined-files.txt 2013-03-28 13:43
ComboFix2.txt 2013-03-19 21:30
.
Před spuštěním: Volných bajtů: 31 690 932 224
Po spuštění: Volných bajtů: 31 612 964 864
.
- - End Of File - - 21C80EA5C0242F003C5BC1D2659D9B08

#6 Příspěvek od **Rudy** » 28 bře 2013 18:08

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

jarda.otta · #7 Příspěvek od **jarda.otta** » 30 bře 2013 08:23

Vše jsem provedl jak jste napsal. Níže dám ještě log z combofix. Doufám že už je to asi čisté a v pohodě.Jen dotaz. Jak ochránit flash disk před viry? Jinak děkuji za ochotu a čas. Mějte se.

#8 Příspěvek od **Rudy** » 30 bře 2013 11:48

FlashDisk je po připojení k PC chráněn jeho antivirem. K občasnému skenu a příp. odstranění nákazy lze použít USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=102308 .

jarda.otta · #9 Příspěvek od **jarda.otta** » 06 dub 2013 12:37

Stáhl jsem usbfix z vašeho odkazu a můj avast ho označil za virus. Testoval jsem ho na virustotal.com a 19 antivirů ze 46 ho také označilo za vir. Tak jak mám tomu rozumět? Zkoušel jsem i odsud a to samé http://riffman.ic.cz/files/UsbFix.exe

#10 Příspěvek od **Rudy** » 06 dub 2013 13:00

Je to utilita k odvirování a některé antiviry ji tak označují. My ji tu používáme a pokud se budete řídit návodem, nic vám nehrozí.

jarda.otta · #11 Příspěvek od **jarda.otta** » 07 dub 2013 05:52

děkuji vám.

#12 Příspěvek od **Rudy** » 07 dub 2013 10:40

Nemáte zač!

VIRY.CZ

nalezena hrozba prosím o kontrolu

nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu

Re: nalezena hrozba prosím o kontrolu