VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

fb virus

https://forum.viry.cz:443/viewtopic.php?t=114657

Stránka 2 z 2

Re: fb virus

Napsal: 25 srp 2011 03:54
od vipernokia
Combofix uz prebehol myslim v pohode, log:

ComboFix 11-08-24.06 - Renuska-mini . 08. 2011 4:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.726 [GMT 2:00]
Spuštěný z: c:\documents and settings\Renuska-mini\Dokumenty\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB4742$
c:\windows\$NtUninstallKB4742$\2132906584\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB4742$\2132906584\click.tlb
c:\windows\$NtUninstallKB4742$\2132906584\L\uxbbzgnt
c:\windows\$NtUninstallKB4742$\2132906584\loader.tlb
c:\windows\$NtUninstallKB4742$\2132906584\U\@00000001
c:\windows\$NtUninstallKB4742$\2132906584\U\@000000c0
c:\windows\$NtUninstallKB4742$\2132906584\U\@000000cb
c:\windows\$NtUninstallKB4742$\2132906584\U\@000000cf
c:\windows\$NtUninstallKB4742$\2132906584\U\@80000000
c:\windows\$NtUninstallKB4742$\2132906584\U\@800000c0
c:\windows\$NtUninstallKB4742$\2132906584\U\@800000cb
c:\windows\$NtUninstallKB4742$\2132906584\U\@800000cf
c:\windows\$NtUninstallKB4742$\860576131
c:\windows\system32\c_61613.nls
.
Nakažená kopie c:\windows\system32\drivers\redbook.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{496A63E4-4524-4BE9-A822-0155887443DF}\RP309\A0067223.exe
.
Nakažená kopie c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{496A63E4-4524-4BE9-A822-0155887443DF}\RP309\A0067215.exe
.
Nakažená kopie c:\program files\iPod\bin\iPodService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{496A63E4-4524-4BE9-A822-0155887443DF}\RP309\A0067214.exe
.
Nakažená kopie c:\windows\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_WINRING0_1_0_1
-------\Service_7f219258
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-25 do 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2013-08-11 22:14 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-08-11 22:13 . 2008-04-13 22:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2013-08-11 22:13 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2013-08-11 22:13 . 2008-04-14 06:52 16384 ----a-w- c:\windows\system32\ipsink.ax
2013-08-11 22:13 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2013-08-11 22:12 . 2008-04-13 22:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2013-08-11 22:12 . 2008-04-13 22:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2013-08-11 22:12 . 2008-04-13 22:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2013-08-11 22:12 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2013-08-11 22:12 . 2008-04-14 06:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2013-08-11 22:12 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2013-08-11 22:12 . 2008-04-14 06:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2013-08-11 22:12 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2013-08-11 22:12 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2013-08-11 22:12 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-08-11 22:12 . 2008-04-14 06:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2013-08-11 22:12 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-18 08:11 . 2008-08-19 20:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2012-09-18 08:11 . 2008-07-24 15:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2012-09-18 08:11 . 2007-09-20 09:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2012-09-18 08:10 . 2008-08-19 20:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2012-09-18 08:10 . 2008-05-30 09:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2012-09-18 08:10 . 2008-02-04 15:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2012-09-18 08:10 . 2012-09-18 08:10 -------- d-----w- c:\program files\WIDCOMM
2011-09-11 15:59 . 2011-09-11 15:59 -------- d-----w- c:\program files\EeePC
2011-09-11 15:59 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2011-09-11 15:17 . 2011-09-11 15:17 -------- d-----w- c:\program files\Elantech
2011-08-25 02:11 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-08-25 02:11 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-23 13:03 . 2011-08-23 13:03 -------- d-----w- C:\_OTM
2011-08-23 02:07 . 2011-08-23 02:07 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-08-23 02:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 02:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 01:57 . 2011-08-23 01:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ICQ
2011-08-23 01:54 . 2011-08-23 01:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-08-23 01:50 . 2011-08-23 01:50 -------- d-----w- c:\documents and settings\Renuska-mini\Data aplikací\Malwarebytes
2011-08-23 01:50 . 2011-08-23 01:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-23 01:50 . 2011-08-23 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 01:45 . 2011-08-23 01:45 -------- d--h--w- c:\windows\PIF
2011-08-21 01:52 . 2011-08-21 01:52 -------- d-----w- c:\program files\trend micro
2011-08-21 01:52 . 2011-08-21 01:53 -------- d-----w- C:\rsit
2011-08-20 01:43 . 2011-08-23 01:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-20 01:43 . 2011-08-23 01:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-08-20 01:37 . 2011-08-20 01:37 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-20 01:16 . 2011-08-20 01:16 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-08-19 12:36 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5EECDACE-63CF-4C98-A50E-CD6E9A58C2FF}\mpengine.dll
2011-08-18 12:03 . 2011-08-18 12:03 -------- d-----w- c:\documents and settings\Renuska-mini\Data aplikací\skypePM
2011-08-09 13:22 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-06 00:52 . 2011-08-06 00:52 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-06 00:52 . 2011-08-06 00:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2011-08-06 00:51 . 2011-08-06 00:51 -------- d-----w- c:\program files\FoxTabMP3Converter
2011-08-01 02:37 . 2011-08-01 02:37 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-08-01 01:20 . 2011-08-01 02:38 -------- d-----w- c:\documents and settings\Renuska-mini\Data aplikací\Apple Computer
2011-08-01 01:19 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-01 01:19 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-01 01:18 . 2011-08-01 01:18 -------- d-----w- c:\program files\iPod
2011-08-01 01:18 . 2011-08-01 01:19 -------- d-----w- c:\program files\iTunes
2011-08-01 01:18 . 2011-08-01 01:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-01 01:16 . 2011-08-01 01:17 -------- d-----w- c:\program files\QuickTime
2011-08-01 01:16 . 2011-08-01 01:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2011-08-01 01:15 . 2011-08-01 01:15 -------- d-----w- c:\documents and settings\Renuska-mini\Local Settings\Data aplikací\Apple
2011-08-01 01:15 . 2011-08-01 01:15 -------- d-----w- c:\program files\Apple Software Update
2011-08-01 01:15 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-08-01 01:15 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-08-01 01:14 . 2011-08-01 01:14 -------- d-----w- c:\program files\Bonjour
2011-08-01 01:14 . 2011-08-01 02:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-08-01 01:14 . 2011-08-01 01:18 -------- d-----w- c:\program files\Common Files\Apple
2011-08-01 01:12 . 2011-08-01 01:20 -------- d-----w- c:\documents and settings\Renuska-mini\Local Settings\Data aplikací\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 12:52 . 2011-07-14 13:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2010-01-01 21:27 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2008-08-07 03:49 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2008-08-07 03:50 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 19:30 . 2011-07-05 19:30 38320 ----a-w- c:\windows\system32\f3PSSavr.scr
2011-06-24 14:10 . 2008-08-07 02:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-08-07 03:50 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-08-07 03:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-08-07 03:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-07 03:49 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-07 03:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2008-08-07 03:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2008-05-07 14:34 . 2008-08-07 22:20 15523560 ----a-w- c:\program files\U1 Setup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-22 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-02 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-02 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2011-9-11 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 10. 2009 23:28 717296]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [7. 8. 2008 23:54 625024]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 04:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\btmmhook.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-08-25 04:51:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-25 02:51
.
Před spuštěním: Volných bajtů: 59 824 746 496
Po spuštění: Volných bajtů: 60 149 870 592
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - B4AEDF966E6F5333445F3678C9F7405A

Re: fb virus

Napsal: 25 srp 2011 09:27
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

DDS::
uInternet Connection Wizard,ShellNext = iexplore

AtJob::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: fb virus

Napsal: 26 srp 2011 03:40
od vipernokia
ComboFix 11-08-25.03 - Administrator . 08. 2011 4:23.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.640 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-26 do 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-11 22:14 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-08-11 22:13 . 2008-04-13 22:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2013-08-11 22:13 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2013-08-11 22:13 . 2008-04-14 06:52 16384 ----a-w- c:\windows\system32\ipsink.ax
2013-08-11 22:13 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2013-08-11 22:12 . 2008-04-13 22:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2013-08-11 22:12 . 2008-04-13 22:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2013-08-11 22:12 . 2008-04-13 22:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2013-08-11 22:12 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2013-08-11 22:12 . 2008-04-14 06:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2013-08-11 22:12 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2013-08-11 22:12 . 2008-04-14 06:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2013-08-11 22:12 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2013-08-11 22:12 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2013-08-11 22:12 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-08-11 22:12 . 2008-04-14 06:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2013-08-11 22:12 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-18 08:11 . 2008-08-19 20:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2012-09-18 08:11 . 2008-07-24 15:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2012-09-18 08:11 . 2007-09-20 09:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2012-09-18 08:10 . 2008-08-19 20:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2012-09-18 08:10 . 2008-05-30 09:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2012-09-18 08:10 . 2008-02-04 15:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2012-09-18 08:10 . 2012-09-18 08:10 -------- d-----w- c:\program files\WIDCOMM
2011-09-11 15:59 . 2011-09-11 15:59 -------- d-----w- c:\program files\EeePC
2011-09-11 15:59 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2011-09-11 15:17 . 2011-09-11 15:17 -------- d-----w- c:\program files\Elantech
2011-08-26 02:31 . 2011-08-26 02:31 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{707B9D14-FE7E-4E37-8ED1-F5FE404AD576}\MpKsle5a4de79.sys
2011-08-25 03:05 . 2011-08-11 17:44 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{707B9D14-FE7E-4E37-8ED1-F5FE404AD576}\mpengine.dll
2011-08-25 02:58 . 2011-08-25 02:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-25 02:11 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-08-25 02:11 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-23 13:03 . 2011-08-23 13:03 -------- d-----w- C:\_OTM
2011-08-23 02:07 . 2011-08-23 02:07 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-08-23 01:57 . 2011-08-23 01:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ICQ
2011-08-23 01:54 . 2011-08-23 01:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-08-23 01:50 . 2011-08-23 01:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-23 01:45 . 2011-08-23 01:45 -------- d--h--w- c:\windows\PIF
2011-08-21 01:52 . 2011-08-21 01:52 -------- d-----w- c:\program files\trend micro
2011-08-21 01:52 . 2011-08-21 01:53 -------- d-----w- C:\rsit
2011-08-20 01:43 . 2011-08-23 01:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-20 01:43 . 2011-08-23 01:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-08-20 01:37 . 2011-08-20 01:37 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-20 01:16 . 2011-08-20 01:16 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-08-06 00:52 . 2011-08-06 00:52 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-06 00:52 . 2011-08-06 00:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2011-08-06 00:51 . 2011-08-06 00:51 -------- d-----w- c:\program files\FoxTabMP3Converter
2011-08-01 02:37 . 2011-08-01 02:37 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-08-01 01:19 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-01 01:19 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-01 01:18 . 2011-08-01 01:18 -------- d-----w- c:\program files\iPod
2011-08-01 01:18 . 2011-08-01 01:19 -------- d-----w- c:\program files\iTunes
2011-08-01 01:18 . 2011-08-01 01:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-01 01:17 . 2011-08-01 01:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-01 01:16 . 2011-08-01 01:17 -------- d-----w- c:\program files\QuickTime
2011-08-01 01:16 . 2011-08-01 01:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2011-08-01 01:15 . 2011-08-01 01:15 -------- d-----w- c:\program files\Apple Software Update
2011-08-01 01:15 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-08-01 01:15 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-08-01 01:14 . 2011-08-01 01:14 -------- d-----w- c:\program files\Bonjour
2011-08-01 01:14 . 2011-08-01 02:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-08-01 01:14 . 2011-08-01 01:18 -------- d-----w- c:\program files\Common Files\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 12:52 . 2011-07-14 13:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-08-07 03:49 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2008-08-07 03:50 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 19:30 . 2011-07-05 19:30 38320 ----a-w- c:\windows\system32\f3PSSavr.scr
2011-06-24 14:10 . 2008-08-07 02:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-08-07 03:50 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-08-07 03:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-08-07 03:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-08-07 03:49 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-08-07 03:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2008-08-07 03:50 1858944 ----a-w- c:\windows\system32\win32k.sys
2008-05-07 14:34 . 2008-08-07 22:20 15523560 ----a-w- c:\program files\U1 Setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_02.46.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 02:59 . 2011-08-25 02:59 49152 c:\windows\Installer\bfc39.msi
+ 2011-08-25 02:58 . 2011-08-25 02:58 28160 c:\windows\Installer\bfc2a.msi
+ 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys
- 2009-06-18 17:48 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-08-25 02:59 . 2011-08-25 02:59 785920 c:\windows\Installer\bfc30.msi
+ 2011-08-25 02:58 . 2011-08-25 02:58 483840 c:\windows\Installer\bfc23.msi
+ 2011-08-25 02:58 . 2011-08-25 02:58 301056 c:\windows\Installer\bfc1d.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-22 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-02 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-02 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2011-9-11 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 10. 2009 23:28 717296]
R1 MpKsle5a4de79;MpKsle5a4de79;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{707B9D14-FE7E-4E37-8ED1-F5FE404AD576}\MpKsle5a4de79.sys [26. 8. 2011 4:31 28752]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [7. 8. 2008 23:54 625024]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLE5A4DE79
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 04:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\btmmhook.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-08-26 04:38:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-26 02:38
ComboFix2.txt 2011-08-25 02:51
.
Před spuštěním: Volných bajtů: 60 297 502 720
Po spuštění: Volných bajtů: 60 275 363 840
.
- - End Of File - - 26BC736B41ABC31C01B0F2BDB2F65F29

Re: fb virus

Napsal: 26 srp 2011 16:07
od vyosek
:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate :arrow: Nainstalujte antivir - doporucuji Avast ci MSE

:arrow: Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam :arrow: Dejte novy log z RSIT a napiste jak se chova PC

Re: fb virus

Napsal: 27 srp 2011 15:52
od vipernokia
Vsetko spravene az ked sa snazim spustit prvy odkaz microsoft fixit tak mi pise ze tato uloha ze zakazana spravcami systemu alebo nieco podobne.. a tak isto druha utilita pise ze potrebuje microsoft framework .net alebo nieco take
este ked sa snazim odstranit combofixy ktore mam na ploche aj u inych uzivatelov mi pise ze sa neda odstranit neviete poradit ako sa da odstranit aby nebol pristup odepren? dakujem

Re: fb virus

Napsal: 27 srp 2011 16:26
od vipernokia
Logfile of random's system information tool 1.09 (written by random/random)
Run by Renuska-mini at 2011-08-26 17:24:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 58 GB (70%) free of 82 GB
Total RAM: 1015 MB (53% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll [2011-07-23 787744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-02 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-02 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-26 00:27:58 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2013-08-26 00:27:58 ----A---- C:\WINDOWS\SkyTel.exe
2013-08-26 00:27:58 ----A---- C:\WINDOWS\RtlUpd.exe
2013-08-26 00:27:57 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2013-08-26 00:27:57 ----A---- C:\WINDOWS\RTLCPL.EXE
2013-08-26 00:27:55 ----A---- C:\WINDOWS\RTHDCPL.EXE
2013-08-26 00:27:55 ----A---- C:\WINDOWS\MicCal.exe
2013-08-26 00:27:54 ----D---- C:\Program Files\Realtek
2013-08-26 00:27:54 ----A---- C:\WINDOWS\ALCWZRD.EXE
2013-08-26 00:27:54 ----A---- C:\WINDOWS\ALCMTR.EXE
2013-08-26 00:27:39 ----A---- C:\WINDOWS\RtlExUpd.dll
2013-08-17 22:22:50 ----A---- C:\WINDOWS\system32\DetectDevice.txt
2013-08-12 00:14:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2013-08-12 00:13:05 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2013-08-12 00:13:02 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2013-08-12 00:13:01 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2013-08-12 00:12:59 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2013-08-12 00:12:57 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2013-08-12 00:12:55 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2013-08-12 00:12:53 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2013-08-12 00:12:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2013-08-12 00:12:48 ----A---- C:\WINDOWS\system32\drivers\usbvideo.sys
2013-08-12 00:12:46 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\drivers\btwusb.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\drivers\btwdndis.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\btw_ci.dll
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btport.sys
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btkrnl.sys
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btaudio.sys
2012-09-18 10:10:54 ----D---- C:\Program Files\WIDCOMM
2011-09-11 17:59:53 ----D---- C:\Program Files\EeePC
2011-09-11 17:59:53 ----A---- C:\WINDOWS\system32\drivers\ASUSACPI.SYS
2011-09-11 17:17:29 ----D---- C:\Program Files\Elantech
2011-08-26 17:24:13 ----D---- C:\rsit
2011-08-26 17:06:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-26 16:59:44 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\SUPERAntiSpyware.com
2011-08-26 16:58:35 ----D---- C:\Program Files\SUPERAntiSpyware
2011-08-26 16:58:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-08-26 16:44:13 ----D---- C:\Program Files\CCleaner
2011-08-26 04:42:07 ----SHD---- C:\RECYCLER
2011-08-26 04:38:25 ----D---- C:\WINDOWS\temp
2011-08-25 04:58:29 ----D---- C:\Program Files\Microsoft Security Client
2011-08-25 04:11:16 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-08-25 04:08:21 ----A---- C:\Boot.bak
2011-08-25 04:08:12 ----RASHD---- C:\cmdcons
2011-08-25 04:05:04 ----D---- C:\Qoobox
2011-08-24 15:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-23 03:50:25 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\Malwarebytes
2011-08-23 03:50:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-23 03:45:40 ----HD---- C:\WINDOWS\PIF
2011-08-21 03:52:36 ----D---- C:\Program Files\trend micro
2011-08-20 04:34:55 ----A---- C:\WINDOWS\wininit.ini
2011-08-20 03:43:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-20 03:43:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-08-18 14:03:13 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\skypePM
2011-08-18 14:03:13 ----A---- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2011-08-12 15:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 15:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 15:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 14:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 14:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-06 02:52:04 ----D---- C:\Program Files\Yontoo Layers Runtime
2011-08-06 02:52:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
2011-08-06 02:51:14 ----D---- C:\Program Files\FoxTabMP3Converter
2011-08-01 03:20:28 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\Apple Computer
2011-08-01 03:19:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2011-08-01 03:19:52 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2011-08-01 03:18:26 ----D---- C:\Program Files\iPod
2011-08-01 03:18:18 ----D---- C:\Program Files\iTunes
2011-08-01 03:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-01 03:16:27 ----D---- C:\Program Files\QuickTime
2011-08-01 03:16:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-08-01 03:15:46 ----D---- C:\Program Files\Apple Software Update
2011-08-01 03:15:19 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2011-08-01 03:15:19 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys
2011-08-01 03:14:43 ----D---- C:\Program Files\Bonjour
2011-08-01 03:14:17 ----D---- C:\Program Files\Common Files\Apple
2011-08-01 03:14:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple

======List of files/folders modified in the last 1 month======

2013-08-26 00:28:10 ----D---- C:\WINDOWS\system32\RTCOM
2013-08-13 04:29:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-09-18 11:32:30 ----D---- C:\WINDOWS\repair
2012-09-18 10:18:16 ----A---- C:\WINDOWS\oemver.txt
2011-08-26 17:24:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-26 17:23:17 ----SD---- C:\WINDOWS\Tasks
2011-08-26 17:20:19 ----A---- C:\WINDOWS\system.ini
2011-08-26 17:18:15 ----D---- C:\WINDOWS
2011-08-26 17:15:24 ----D---- C:\WINDOWS\Prefetch
2011-08-26 17:05:33 ----D---- C:\WINDOWS\system32
2011-08-26 16:58:35 ----RD---- C:\Program Files
2011-08-26 16:44:48 ----D---- C:\WINDOWS\Debug
2011-08-26 16:26:44 ----D---- C:\WINDOWS\system32\Restore
2011-08-26 16:26:26 ----D---- C:\WINDOWS\system32\drivers
2011-08-26 16:23:46 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\ICQ
2011-08-26 16:12:43 ----HD---- C:\WINDOWS\inf
2011-08-26 04:31:28 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-26 04:26:58 ----D---- C:\WINDOWS\AppPatch
2011-08-26 04:26:53 ----D---- C:\Program Files\Common Files
2011-08-25 04:59:14 ----SHD---- C:\WINDOWS\Installer
2011-08-25 04:44:32 ----D---- C:\WINDOWS\system32\config
2011-08-25 04:28:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-25 04:08:22 ----RASH---- C:\boot.ini
2011-08-20 03:45:03 ----RSD---- C:\WINDOWS\assembly
2011-08-20 03:41:42 ----SHD---- C:\System Volume Information
2011-08-18 15:06:01 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\Skype
2011-08-12 15:09:21 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-12 15:01:54 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-12 14:59:46 ----D---- C:\Program Files\Internet Explorer
2011-08-12 14:59:18 ----D---- C:\WINDOWS\ie8updates
2011-08-03 14:14:05 ----D---- C:\Program Files\ICQ7.5
2011-08-01 03:19:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-01 03:07:06 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-17 717296]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl8644dc0b;MpKsl8644dc0b; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D716123E-9DF8-4D7F-8EA5-CC5E93298C2B}\MpKsl8644dc0b.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-25 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 abk7xax6;abk7xax6; C:\WINDOWS\system32\drivers\abk7xax6.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Re: fb virus

Napsal: 27 srp 2011 20:10
od vyosek
:arrow: Zda se mi, ze T-Cleaner a OTC po ComboFixu pouklizeli

:arrow: Antivir od microsoftu Vam funguje :???:

:arrow: Log jinak vypada na havet cisty

Re: fb virus

Napsal: 27 srp 2011 20:58
od vipernokia
a neviete mi poradit ako by som mohol vymazat combofix z plochy ked nejde odstranit ani v nudzovom rezime? dakujem
p.s. antivirus od microsoftu ide ale neviem ci je nejako ucinny lebo bol aj predtym a nepomohol vobec

Re: fb virus

Napsal: 28 srp 2011 05:46
od vyosek
:arrow: Ze Vas neochranil pred nakazou je tim, ze jeste nebyla tato havet v databazi

:arrow: Stahnete znovu ComboFix na plochu ale nespoustejte jej http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz