VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojan: Win32/Malex.gen!E v Win 7 64

https://forum.viry.cz:443/viewtopic.php?t=104398

Stránka 1 z 2

Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 09:01
od kar1rak
Ahoj, prosim o pomoc při vyčištění od Trojského koně Win32/Malex.gen!E. Trojana najde Microsoft Security Esentia hned po startu windows. nabídne jeho smazání což udělám ale při příštím startu je tu zas. Používám Windows 64b. Zkusil jsem stahnout a spustit od MS odstranovač Malware v rámci update ale nepomohlo to.

Přikládám log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by rarach at 2010-09-05 09:30:44
Microsoft Windows 7 Ultimate
System drive C: has 2 GB (8%) free of 31 GB
Total RAM: 3839 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:54, on 5.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\trend micro\rarach.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Windows\SysWOW64\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Windows Service Manager (svchost32) - Unknown owner - C:\Windows\system32\oobe\svchost.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10595 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2c0
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
C:\Windows\SysWOW64\oobe\svchost.exe /service
taskeng.exe {FB9F024B-D7B7-48B2-86A0-763C3A4AF646}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe" -b
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:2384
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\rsit\odstranuji trovan\RSITx64.exe"
"C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey DCC2A191-B2C9-EB1B-2EBD-A20E3CD52F8B -Reinvoke

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-14 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll [2010-09-01 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-01 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-14 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe []
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1446504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-04 39408]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-08-10 2770432]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-09-05 09:25:53 ----D---- C:\rsit
2010-09-05 09:25:53 ----D---- C:\Program Files\trend micro
2010-09-05 08:30:02 ----A---- C:\Windows\system32\browserchoice.exe
2010-09-05 08:13:33 ----A---- C:\Windows\system32\MRT.exe
2010-09-04 15:04:39 ----A---- C:\Windows\Sysvxd.exe
2010-09-03 18:30:53 ----D---- C:\Program Files (x86)\HI-TECH Software
2010-09-03 17:01:24 ----D---- C:\Users\rarach\AppData\Roaming\Microchip
2010-09-03 16:57:01 ----D---- C:\Program Files (x86)\Microchip
2010-08-30 22:30:12 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-08-30 22:28:54 ----A---- C:\Windows\system32\mshtml.dll
2010-08-30 22:28:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-30 22:28:52 ----A---- C:\Windows\system32\ieframe.dll
2010-08-30 22:28:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-30 22:28:50 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-30 22:28:50 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-30 22:28:50 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-30 22:28:50 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-30 22:28:50 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-30 22:28:50 ----A---- C:\Windows\system32\wininet.dll
2010-08-30 22:28:50 ----A---- C:\Windows\system32\urlmon.dll
2010-08-30 22:28:50 ----A---- C:\Windows\system32\mstime.dll
2010-08-30 22:28:50 ----A---- C:\Windows\system32\iepeers.dll
2010-08-30 22:28:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-30 22:28:49 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-30 22:28:49 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-30 22:28:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-30 22:28:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-30 22:28:49 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-30 22:28:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-30 22:28:49 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-30 22:28:49 ----A---- C:\Windows\system32\ieui.dll
2010-08-30 22:28:42 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-30 22:28:41 ----A---- C:\Windows\system32\shell32.dll
2010-08-30 22:28:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-08-30 22:28:38 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-30 22:28:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-30 22:28:36 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-30 22:28:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-30 22:28:35 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-30 22:28:35 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-30 22:28:34 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-30 22:28:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-30 22:28:33 ----A---- C:\Windows\system32\schannel.dll
2010-08-30 22:28:31 ----A---- C:\Windows\system32\cdd.dll
2010-08-30 22:28:30 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-30 22:28:30 ----A---- C:\Windows\system32\rtutils.dll
2010-08-30 22:28:29 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2010-08-30 22:28:29 ----A---- C:\Windows\system32\win32k.sys
2010-08-30 22:28:29 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-30 22:26:55 ----A---- C:\Windows\system32\msxml3.dll
2010-08-30 22:26:54 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-30 22:00:41 ----A---- C:\Windows\SYSWOW64\SyncBackPro.dll
2010-08-30 22:00:41 ----A---- C:\Windows\SYSWOW64\NMSAccessU.exe
2010-08-30 22:00:38 ----D---- C:\Program Files (x86)\2BrightSparks
2010-08-28 09:09:51 ----D---- C:\Program Files (x86)\ElcomSoft
2010-08-28 07:44:52 ----D---- C:\Users\rarach\AppData\Roaming\uTorrent
2010-08-25 22:56:48 ----D---- C:\Users\rarach\AppData\Roaming\Real
2010-08-20 19:26:49 ----D---- C:\Windows\Sun
2010-08-16 22:47:37 ----D---- C:\ProgramData\WEBREG
2010-08-16 22:47:36 ----D---- C:\Users\rarach\AppData\Roaming\HP
2010-08-16 22:46:10 ----D---- C:\ProgramData\HP Product Assistant
2010-08-16 22:44:25 ----HD---- C:\Config.Msi
2010-08-16 22:44:25 ----D---- C:\Program Files (x86)\HP
2010-08-16 22:22:49 ----D---- C:\ProgramData\HP
2010-08-10 23:04:20 ----D---- C:\Windows\pss
2010-08-10 13:40:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2010-08-06 22:07:07 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-08-06 21:41:39 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2010-08-06 21:39:41 ----D---- C:\ProgramData\DAEMON Tools Pro
2010-08-06 21:37:57 ----D---- C:\Program Files (x86)\CCleaner
2010-08-06 20:34:38 ----D---- C:\Users\rarach\AppData\Roaming\Thinstall
2010-08-06 20:01:23 ----D---- C:\Program Files (x86)\Smart Projects
2010-08-06 15:02:22 ----A---- C:\Windows\SYSWOW64\mppython.dll
2010-08-06 14:58:34 ----A---- C:\Windows\SYSWOW64\MPMapTrace.dll
2010-08-06 14:21:24 ----A---- C:\Windows\SYSWOW64\mpPathan.dll
2010-08-06 14:20:06 ----A---- C:\Windows\SYSWOW64\mpxerces-c_2_7.dll

======List of files/folders modified in the last 1 months======

2010-09-05 09:30:52 ----D---- C:\Windows\Prefetch
2010-09-05 09:30:18 ----D---- C:\Windows\Temp
2010-09-05 09:28:21 ----D---- C:\Windows\system32\config
2010-09-05 09:25:53 ----RD---- C:\Program Files
2010-09-05 08:30:14 ----D---- C:\Windows\System32
2010-09-05 08:30:13 ----D---- C:\Windows\winsxs
2010-09-05 08:30:13 ----D---- C:\Windows\system32\catroot
2010-09-05 08:30:03 ----SHD---- C:\System Volume Information
2010-09-05 08:13:38 ----D---- C:\Windows\debug
2010-09-04 19:46:17 ----D---- C:\Windows\inf
2010-09-04 19:46:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-04 15:04:39 ----D---- C:\Windows
2010-09-04 14:03:50 ----D---- C:\Windows\Minidump
2010-09-03 21:22:14 ----SHD---- C:\Windows\Installer
2010-09-03 21:21:55 ----D---- C:\Windows\SysWOW64
2010-09-03 18:30:53 ----RD---- C:\Program Files (x86)
2010-09-03 17:12:49 ----D---- C:\Windows\system32\drivers
2010-09-03 17:03:02 ----D---- C:\Windows\system32\DriverStore
2010-09-03 17:01:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-03 16:37:17 ----D---- C:\Windows\SYSWOW64\oobe
2010-09-03 08:01:37 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-02 20:27:46 ----D---- C:\found.000
2010-08-31 19:28:44 ----D---- C:\Windows\Microsoft.NET
2010-08-31 19:28:35 ----RSD---- C:\Windows\assembly
2010-08-30 22:54:09 ----D---- C:\Windows\SYSWOW64\migration
2010-08-30 22:54:09 ----D---- C:\Program Files\Internet Explorer
2010-08-30 22:54:09 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-30 22:54:08 ----D---- C:\Windows\system32\migration
2010-08-30 22:46:15 ----D---- C:\Program Files (x86)\totalcmd
2010-08-30 22:29:28 ----D---- C:\Windows\AppPatch
2010-08-30 22:28:21 ----D---- C:\Windows\system32\catroot2
2010-08-30 22:12:21 ----D---- C:\Program Files\WinRAR
2010-08-30 22:09:23 ----D---- C:\Windows\system32\Tasks
2010-08-30 21:15:41 ----D---- C:\tmp
2010-08-26 18:19:38 ----D---- C:\Users\rarach\AppData\Roaming\dvdcss
2010-08-22 14:25:11 ----D---- C:\ProgramData\Microsoft Help
2010-08-16 23:11:48 ----D---- C:\Users\rarach\AppData\Roaming\vlc
2010-08-16 23:06:35 ----D---- C:\Windows\system32\FxsTmp
2010-08-16 22:47:37 ----HD---- C:\ProgramData
2010-08-16 22:46:20 ----RSD---- C:\Windows\Fonts
2010-08-16 22:44:45 ----D---- C:\Windows\twain_32
2010-08-16 22:44:43 ----D---- C:\Program Files (x86)\Common Files
2010-08-12 22:34:35 ----D---- C:\Windows\system32\NDF
2010-08-10 22:18:43 ----A---- C:\Windows\Language_trs.ini
2010-08-10 22:18:07 ----A---- C:\Windows\system32\VIASysFx.dll
2010-08-10 22:18:07 ----A---- C:\Windows\system32\VIAPropPageExt.dll
2010-08-10 22:18:03 ----N---- C:\Windows\difxapi.dll
2010-08-10 20:06:58 ----D---- C:\Program Files (x86)\The KMPlayer
2010-08-06 21:57:35 ----D---- C:\Windows\system32\drivers\etc
2010-08-06 07:35:48 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-06 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-13 257120]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-05 834544]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-06-04 1477728]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-04 943712]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-08-05 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 173984]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-04 251488]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-19 82816]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-06-25 205472]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-24 215040]
R3 SkyNetBDA_AMD64;TechniSat DVB-PC TV Star PCI (BDA); C:\Windows\system32\DRIVERS\SkyNetBDA_AMD64.sys [2010-06-06 610904]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-08-10 1290752]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 aut3ttmy;aut3ttmy; C:\Windows\system32\drivers\aut3ttmy.sys []
S3 MCHPUSB;MCHPUSB; C:\Windows\system32\DRIVERS\mchpusb64.sys [2008-05-12 64512]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 40832]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\Windows\system32\DRIVERS\SkyNET_AMD64.SYS [2010-06-06 617048]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 894480]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-04 2480048]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-27 203264]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
R2 NMSAccess;NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [2009-01-12 71096]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 svchost32;Windows Service Manager; C:\Windows\syswow64\oobe\svchost.exe [2010-09-03 48508]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-02-25 1398088]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-04 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-04 655624]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-04 182768]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-06-19 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 09:25
od Caroprd111
Zdravím :)

ObrázekStáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
  • Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Označte položku Pro všechny uživatele.
  • Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
  • Klikněte na tlačítko Prohledat
  • Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 10:06
od kar1rak
Díky za pomoc,
zde jsou:
(soubor je příliš dlouhý a tak ho musím přiložit jako rar, vypsat ho nemohu neb přesahuje limit 6000 řádek)

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 10:07
od kar1rak
a ještě

OTL Extras logfile created on: 5.9.2010 10:34:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\rar\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30,01 Gb Total Space | 2,36 Gb Free Space | 7,88% Space Free | Partition Type: NTFS
Drive D: | 81,77 Gb Total Space | 5,92 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 20,02 Gb Total Space | 8,54 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive G: | 445,74 Gb Total Space | 0,95 Gb Free Space | 0,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAD
Current User Name: rar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2004886633-4022162318-3948038439-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}" = Microsoft Antimalware Service CS-CZ Language Pack
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver
"x64 Components_is1" = x64 Components v2.6.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}" = Adobe Setup
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}" = Adobe Creative Suite 4 Design Premium
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8827923A-B5B5-44F9-8FAF-DFFDB23BBEB8}" = Sprite Backup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{930d6d3c-f6f4-44db-b25c-b2f2332fe99d}" = Nero 9 Trial
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AC76BA86-0000-7EC8-7489-000000000701}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-1033-C740-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AC8456-E8E8-41CD-9344-D505FBF1F68F}" = MPLAB Tools v8.56
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Acrobat 7.0 Professional - Czech, Polish, Greek - V" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b421102ce31f2649ef3785f2a17166f" = Adobe Creative Suite 4 Design Premium
"AVIcodec" = AVIcodec (remove only)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab 7_is1" = DVDFab 7.0.8.0 (14/07/2010)
"Efficasoft Mobile Express_is1" = Efficasoft Mobile Express v1.5.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Heroes of Might and Magic III Complete" = Heroes of Might and Magic III Complete
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{E2AC8456-E8E8-41CD-9344-D505FBF1F68F}" = MPLAB Tools v8.56
"IsoBuster_is1" = IsoBuster 2.8
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"PICC 9.71PL1" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.71aPL1
"SyncBackPro_is1" = SyncBackPro
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"VL Sound 5.1" = VL Sound 5.1
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4.9.2010 8:05:32 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 4.9.2010 8:05:32 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 4.9.2010 8:57:14 | Computer Name = Rad | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 1.9.2.3846 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
eac Čas spuštění: 01cb4c3017dbc3ad Čas ukončení: 32 Cesta k aplikaci: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe ID hlášení: ebfd5efc-b823-11df-9baa-90e6ba52b966


Error - 4.9.2010 9:16:26 | Computer Name = Rad | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.

Error - 4.9.2010 9:18:03 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 4.9.2010 9:18:03 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 4.9.2010 9:18:03 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 4.9.2010 9:18:03 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 5.9.2010 2:14:52 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 5.9.2010 2:14:52 | Computer Name = Rad | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

[ Media Center Events ]
Error - 27.8.2010 11:59:37 | Computer Name = Rad | Source = MCUpdate | ID = 0
Description = 17:59:37 - Chyba při připojování k Internetu 17:59:37 - Nelze kontaktovat
server..

[ OSession Events ]
Error - 20.6.2010 7:40:58 | Computer Name = Rad | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9.8.2010 11:34:28 | Computer Name = Rad | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.

Error - 10.8.2010 7:39:15 | Computer Name = Rad | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (13:37:55, ?10.?8.?2010) bylo neočekávané.

Error - 10.8.2010 7:39:16 | Computer Name = RAD | Source = BugCheck | ID = 1001
Description =

Error - 10.8.2010 16:12:56 | Computer Name = Rad | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 11.8.2010 5:31:48 | Computer Name = Rad | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 11.8.2010 11:19:57 | Computer Name = Rad | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 12.8.2010 8:17:38 | Computer Name = Rad | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 12.8.2010 8:21:32 | Computer Name = Rad | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 14.8.2010 7:21:51 | Computer Name = Rad | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (13:19:28, ?14.?8.?2010) bylo neočekávané.

Error - 14.8.2010 7:21:52 | Computer Name = RAD | Source = BugCheck | ID = 1001
Description =


< End of report >

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 11:05
od Caroprd111
Rozdělte, prosím, log do více příspěvků.

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 12:14
od kar1rak
OK, rozděluji a dávám na dvakrát:

OTL logfile created on: 5.9.2010 10:34:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\rar\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30,01 Gb Total Space | 2,36 Gb Free Space | 7,88% Space Free | Partition Type: NTFS
Drive D: | 81,77 Gb Total Space | 5,92 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 20,02 Gb Total Space | 8,54 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive G: | 445,74 Gb Total Space | 0,95 Gb Free Space | 0,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAD
Current User Name: rar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.05 10:33:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\rar\Desktop\OTL.exe
PRC - [2010.08.10 20:40:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.06.04 23:30:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.06.04 21:46:39 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.11.26 17:45:54 | 000,361,976 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
PRC - [2009.11.26 17:44:46 | 005,129,128 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.08.20 22:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe


========== Modules (SafeList) ==========

MOD - [2010.09.05 10:33:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\rar\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\oobe\svchost.exe -- (svchost32)
SRV:64bit: - [2010.07.04 22:47:38 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.02.25 10:56:10 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.04 22:45:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.19 18:45:09 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.06.04 21:46:39 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.02.25 11:02:00 | 001,398,088 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 10:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.11.26 17:47:06 | 000,894,480 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.03.15 10:06:12 | 002,233,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.08.10 22:18:07 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.07.19 23:31:35 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.06.13 10:41:21 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.06.06 12:52:16 | 000,617,048 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET)
DRV:64bit: - [2010.06.06 12:52:16 | 000,610,904 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNetBDA_AMD64.sys -- (SkyNetBDA_AMD64) TechniSat DVB-PC TV Star PCI (BDA)
DRV:64bit: - [2010.06.05 16:32:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.04 21:46:39 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.04 21:46:37 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.04 21:46:36 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.07.16 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.24 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.06 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.05.12 08:09:06 | 000,064,512 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mchpusb64.sys -- (MCHPUSB)
DRV - [2010.02.25 10:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 46 F2 E8 0A CB 01 [binary data]
IE - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.30 22:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.10 20:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.06.05 22:36:13 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Mozilla\Extensions
[2010.08.05 16:58:23 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Mozilla\Firefox\Profiles\xn57jxzr.default\extensions
[2010.08.05 16:58:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\rar\AppData\Roaming\Mozilla\Firefox\Profiles\xn57jxzr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.26 19:52:39 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\rar\AppData\Roaming\Mozilla\Firefox\Profiles\xn57jxzr.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010.06.05 22:36:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.08.10 20:41:02 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.08.10 20:41:02 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.08.10 20:41:02 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.08.10 20:41:02 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.08.10 20:41:02 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.06 21:56:52 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 secure.disc-soft.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.12 18:29:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\Shell - "" = AutoRun
O33 - MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\Shell\AutoRun\command - "" = I:\_AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\Shell\instDX\command - "" = I:\directX\dxsetup.exe -- File not found
O33 - MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.ac3filter - ac3filter.acm ()
Drivers32:64bit: msacm.ac3filter64 - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.ffds - ff_vfw.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 12:14
od kar1rak
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.09.05 10:32:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\rar\Desktop\OTL.exe
[2010.09.05 09:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.05 09:25:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.05 08:30:02 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.09.03 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software
[2010.09.03 17:01:24 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Roaming\Microchip
[2010.09.03 16:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microchip
[2010.08.30 22:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.08.30 22:28:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.30 22:28:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.30 22:28:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.30 22:28:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.30 22:28:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.30 22:28:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.30 22:28:38 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.30 22:28:36 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.30 22:28:36 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.30 22:28:36 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.30 22:28:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.08.30 22:28:30 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.30 22:28:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.30 22:28:29 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.30 22:00:40 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Local\2BrightSparks
[2010.08.30 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2010.08.28 09:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
[2010.08.28 07:44:52 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Roaming\uTorrent
[2010.08.25 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Roaming\Real
[2010.08.22 12:26:07 | 000,000,000 | ---D | C] -- D:\Users\rar\Documents\Moje naskenované obrázky
[2010.08.20 19:26:49 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.16 23:04:53 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Local\HP
[2010.08.16 22:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010.08.16 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Roaming\HP
[2010.08.16 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010.08.16 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010.08.16 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010.08.16 22:44:25 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.08.16 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2010.08.16 22:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.08.12 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\rar\Desktop\stavba-izolace
[2010.08.10 23:04:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.10 22:47:56 | 000,000,000 | ---D | C] -- C:\Users\rar\Desktop\triky-windows
[2010.08.06 22:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.08.06 21:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.08.06 21:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.08.06 21:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.06 20:34:38 | 000,000,000 | ---D | C] -- C:\Users\rar\AppData\Roaming\Thinstall
[2010.08.06 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2010.08.06 15:02:22 | 002,113,536 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\mppython.dll
[2010.08.06 14:20:06 | 001,753,088 | ---- | C] (Apache Software Foundation) -- C:\Windows\SysWow64\mpxerces-c_2_7.dll
[2010.07.19 23:31:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\rar\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010.09.05 10:38:21 | 004,456,448 | -HS- | M] () -- C:\Users\rar\ntuser.dat
[2010.09.05 10:33:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\rar\Desktop\OTL.exe
[2010.09.05 10:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 09:36:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 09:36:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 09:29:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 09:29:12 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 09:28:15 | 005,431,699 | -H-- | M] () -- C:\Users\rar\AppData\Local\IconCache.db
[2010.09.05 09:28:09 | 000,000,106 | ---- | M] () -- C:\Users\rar\Desktop\VIRY.CZ • Zobrazit fórum - Řešení problémů, logy.URL
[2010.09.04 21:44:41 | 000,045,758 | ---- | M] () -- C:\Windows\Sysvxd.exe
[2010.09.04 19:46:17 | 001,454,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.04 19:46:17 | 000,625,676 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.04 19:46:17 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.04 19:46:17 | 000,119,794 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.04 19:46:17 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.03 21:21:59 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\MPLAB IDE v8.56.lnk
[2010.08.31 19:49:22 | 000,013,312 | ---- | M] () -- C:\Users\rar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 22:55:50 | 004,906,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.30 22:00:44 | 000,001,115 | ---- | M] () -- C:\Users\rar\Desktop\SyncBackPro.lnk
[2010.08.30 21:51:40 | 000,010,810 | ---- | M] () -- C:\Users\rar\Desktop\firewall.docx
[2010.08.21 11:32:17 | 000,001,123 | ---- | M] () -- C:\Users\rar\Desktop\Dokumenty – zástupce.lnk
[2010.08.18 23:53:17 | 000,524,288 | -HS- | M] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TMContainer00000000000000000002.regtrans-ms
[2010.08.18 23:53:17 | 000,524,288 | -HS- | M] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 23:53:17 | 000,065,536 | -HS- | M] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TM.blf
[2010.08.17 00:03:46 | 000,085,304 | ---- | M] () -- C:\Users\rar\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.16 22:47:06 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.08.16 22:46:07 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\Centrum řešení HP.lnk
[2010.08.10 23:05:52 | 000,007,609 | ---- | M] () -- C:\Users\rar\AppData\Local\resmon.resmoncfg
[2010.08.10 22:46:22 | 000,000,008 | RHS- | M] () -- C:\Users\rar\ntuser.pol
[2010.08.10 22:20:18 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010.08.10 22:18:43 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010.08.10 22:18:07 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2010.08.10 22:18:07 | 001,012,224 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2010.08.10 22:18:07 | 000,532,480 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2010.08.10 22:18:03 | 000,414,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.08.10 16:14:27 | 000,000,081 | ---- | M] () -- C:\Users\rar\Desktop\Hp scanjet G4010 - Louny.URL
[2010.08.10 13:40:52 | 001,470,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.06 21:56:52 | 000,000,841 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.08.06 15:02:22 | 002,113,536 | ---- | M] (Python Software Foundation) -- C:\Windows\SysWow64\mppython.dll
[2010.08.06 14:58:34 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2010.08.06 14:21:24 | 000,364,544 | ---- | M] () -- C:\Windows\SysWow64\mpPathan.dll
[2010.08.06 14:20:06 | 001,753,088 | ---- | M] (Apache Software Foundation) -- C:\Windows\SysWow64\mpxerces-c_2_7.dll

========== Files Created - No Company Name ==========

[2010.09.05 09:28:09 | 000,000,106 | ---- | C] () -- C:\Users\rar\Desktop\VIRY.CZ • Zobrazit fórum - Řešení problémů, logy.URL
[2010.09.04 15:04:39 | 000,045,758 | ---- | C] () -- C:\Windows\Sysvxd.exe
[2010.09.03 21:21:59 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\MPLAB IDE v8.56.lnk
[2010.08.30 22:00:44 | 000,001,115 | ---- | C] () -- C:\Users\rar\Desktop\SyncBackPro.lnk
[2010.08.30 22:00:41 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010.08.30 22:00:41 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010.08.28 10:10:22 | 000,010,810 | ---- | C] () -- C:\Users\rar\Desktop\firewall.docx
[2010.08.18 21:43:39 | 000,524,288 | -HS- | C] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TMContainer00000000000000000002.regtrans-ms
[2010.08.18 21:43:39 | 000,524,288 | -HS- | C] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 21:43:39 | 000,065,536 | -HS- | C] () -- C:\Users\rar\ntuser.dat{60fcb50c-ab00-11df-90a4-8000600fe800}.TM.blf
[2010.08.16 22:47:06 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.08.16 22:46:06 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\Centrum řešení HP.lnk
[2010.08.16 22:22:52 | 000,000,652 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.08.10 22:44:04 | 000,000,008 | RHS- | C] () -- C:\Users\rar\ntuser.pol
[2010.08.10 22:20:18 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010.08.10 16:14:27 | 000,000,081 | ---- | C] () -- C:\Users\rar\Desktop\Hp scanjet G4010 - Louny.URL
[2010.08.10 13:40:52 | 001,470,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.07 08:18:21 | 000,001,345 | ---- | C] () -- C:\Users\rar\Desktop\Media Center.lnk
[2010.08.06 14:58:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2010.08.06 14:21:24 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2010.08.05 10:03:03 | 000,038,440 | ---- | C] () -- C:\Users\rar\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.07.28 18:33:55 | 000,013,312 | ---- | C] () -- C:\Users\rar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.25 10:05:38 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.07.19 23:39:44 | 000,000,034 | ---- | C] () -- C:\Users\rar\AppData\Roaming\pcouffin.log
[2010.07.19 23:31:35 | 000,099,384 | ---- | C] () -- C:\Users\rar\AppData\Roaming\inst.exe
[2010.07.19 23:31:35 | 000,007,859 | ---- | C] () -- C:\Users\rar\AppData\Roaming\pcouffin.cat
[2010.07.19 23:31:35 | 000,001,167 | ---- | C] () -- C:\Users\rar\AppData\Roaming\pcouffin.inf
[2010.06.27 16:40:53 | 000,001,480 | ---- | C] () -- C:\Users\rar\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.12 20:26:44 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.04 22:15:10 | 000,007,609 | ---- | C] () -- C:\Users\rar\AppData\Local\resmon.resmoncfg
[2010.06.01 01:29:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.06.01 01:29:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.06.01 01:29:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.06.01 01:29:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.06.01 01:04:32 | 000,032,966 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.06.01 01:04:15 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.12 16:09:06 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 20:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009.04.03 06:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.12.13 16:03:14 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll

========== LOP Check ==========

[2010.06.04 23:36:50 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Acronis
[2010.07.03 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\com.adobe.ExMan
[2010.06.05 16:40:11 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\DAEMON Tools Lite
[2010.08.01 19:48:08 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\FileZilla
[2010.08.01 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\GHISLER
[2010.08.03 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Jeyo
[2010.09.04 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Microchip
[2010.07.25 10:05:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Shark007
[2010.07.10 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Sprite Software
[2010.06.27 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.08.06 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Thinstall
[2010.06.19 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\TuneUp Software
[2010.09.01 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\uTorrent
[2010.07.29 18:13:11 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\VitySoft
[2010.07.19 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Vso
[2010.07.25 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Win7codecs
[2010.06.21 09:00:00 | 000,000,000 | ---D | M] -- C:\Users\Zorka\AppData\Roaming\TuneUp Software
[2010.08.24 21:36:32 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.06.04 23:30:27 | 000,039,408 | ---- | M] (Google Inc.)
"AdobeBridge" =
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2010.08.05 16:16:03 | 000,053,345 | ---- | M] () -- C:\AFUDOS.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.04 23:36:50 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Acronis
[2010.07.05 07:18:47 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Adobe
[2010.06.27 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Adobe Mini Bridge CS5
[2010.06.06 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\AdobeUM
[2010.06.01 01:18:30 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\ATI
[2010.07.03 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\com.adobe.ExMan
[2010.06.05 16:40:11 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\DAEMON Tools Lite
[2010.08.26 18:19:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\dvdcss
[2010.08.01 19:48:08 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\FileZilla
[2010.08.01 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\GHISLER
[2010.06.04 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Google
[2010.08.22 13:11:23 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\HP
[2010.06.01 00:52:19 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Identities
[2010.08.03 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Jeyo
[2010.06.04 23:06:22 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Media Center Programs
[2010.09.04 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Microchip
[2010.08.03 10:05:05 | 000,000,000 | --SD | M] -- C:\Users\rar\AppData\Roaming\Microsoft
[2010.06.05 22:36:13 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Mozilla
[2010.06.12 14:00:28 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Nero
[2010.08.25 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Real
[2010.07.25 10:05:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Shark007
[2010.07.10 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Sprite Software
[2010.06.27 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.08.06 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Thinstall
[2010.06.19 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\TuneUp Software
[2010.09.01 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\uTorrent
[2010.07.29 18:13:11 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\VitySoft
[2010.08.16 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\vlc
[2010.07.19 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Vso
[2010.07.25 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Win7codecs
[2010.08.01 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\Winamp
[2010.06.12 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\rar\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.07.19 23:52:18 | 000,099,384 | ---- | M] () -- C:\Users\rar\AppData\Roaming\inst.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ClickCleaner.exe
[2010.06.21 21:54:21 | 000,017,542 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ContextMenuManager.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\DiskAnalyzer.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\DuplicateFilesFinder.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FileSecurity.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FileSplitter.exe
[2010.06.21 21:54:21 | 000,017,542 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FreeMemory.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\IEManager.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\JunkFileCleaner.exe
[2010.06.21 21:54:21 | 000,005,430 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\LiveUpdate.exe
[2010.06.21 21:54:21 | 000,013,262 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\OptimizationWizard.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\PrivacyProtector.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ProcessManager.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RegistryCleaner.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RegistryDefrag.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RepairCenter.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RunShortcutCreator.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ServiceManager.exe
[2010.06.21 21:54:21 | 000,017,542 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SmartUninstaller.exe
[2010.06.21 21:54:21 | 000,015,086 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\StartupManager.exe
[2010.06.21 21:54:21 | 000,010,134 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SystemFolder_msiexec.exe
[2010.06.21 21:54:21 | 000,007,886 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SystemInfo.exe
[2010.06.21 21:54:21 | 000,017,542 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\TaskSchedulerManager.exe
[2010.06.21 21:54:21 | 000,092,560 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\Windows7Manager.exe
[2010.06.21 21:54:21 | 000,013,262 | R--- | M] () -- C:\Users\rar\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\WinUtilities.exe
[2010.08.06 20:34:40 | 000,053,248 | ---- | M] () -- C:\Users\rar\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2010.09.03 16:36:08 | 000,048,508 | ---- | M] () MD5=FA8657C267567E02A70E8DAFA0437519 -- C:\Windows\SysWOW64\oobe\svchost.exe
[2010.09.03 16:36:08 | 000,048,508 | ---- | M] () MD5=FA8657C267567E02A70E8DAFA0437519 -- C:\Windows\SysWOW64\oobe\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
< End of report >

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 15:54
od Caroprd111
Obrázek Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\oobe\svchost.exe -- (svchost32)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O4 - HKU\S-1-5-21-2004886633-4022162318-3948038439-1000..\Run: [AdobeBridge] File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\Shell - "" = AutoRun
[2010.09.04 21:44:41 | 000,045,758 | ---- | M] () -- C:\Windows\Sysvxd.exe
Klikněte na Opravit, PC se restartuje, log vložte sem.



Obrázek Doporučuji odinstalovat P2P klienty.

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 17:41
od kar1rak
Provedeno podle návodu a níže je log.


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: rar
->Temp folder emptied: 13821179 bytes
->Temporary Internet Files folder emptied: 62802464 bytes
->Java cache emptied: 447298 bytes
->FireFox cache emptied: 48836292 bytes
->Flash cache emptied: 10000 bytes

User: zolla
->Temp folder emptied: 5429927 bytes
->Temporary Internet Files folder emptied: 61462167 bytes
->Java cache emptied: 3428 bytes
->FireFox cache emptied: 93302320 bytes
->Flash cache emptied: 1805 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26270190 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 1225434 bytes

Total Files Cleaned = 299,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: rar
->Flash cache emptied: 0 bytes

User: zolla
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== OTL ==========
Service svchost32 stopped successfully!
Service svchost32 deleted successfully!
File C:\Windows\SysNative\oobe\svchost.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2004886633-4022162318-3948038439-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c60e9444-70af-11df-ad20-90e6ba52b966}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c60e9444-70af-11df-ad20-90e6ba52b966}\ not found.
C:\Windows\Sysvxd.exe moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 09052010_182944

Files\Folders moved on Reboot...
C:\Users\rar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 17:54
od Caroprd111
Jak se chová PC :???:

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 18:03
od kar1rak
Caroprd111e PC se chová zcela v pořádku, po restaru nevyskakuje upozornění na trojana. Připadá mi, že je vše OK.

Dík za upozornění ohledně těch P2P sítí.
Dá se říct v čem ten trojan byl, s čím jsem si ho přitahnul?

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 18:07
od Caroprd111
Odkud jste se nakazil bohužel určit nedokážu.


Obrázek Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Obrázek Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
  • Spusťte.
  • Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)


Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

    Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
    Obrázek OK Obrázek Zavřít

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 18:21
od kar1rak
Jakmile jsem chtěl stahnout ten první soubor
tak vyskočil Microsoft Security Essentials s hrozbou: Trojan:Win32/Trufip!rts
v položkách:
file:C:\Users\rar\AppData\Local\Mozilla\Firefox\Profiles\xn57jxzr.default\Cache\42CC1B34d01
file:C:\Users\rar\AppData\Local\Temp\1of65kaV.exe.part

Mam ho povolit? (Raději se zeptam než honit další potvoru)

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 18:22
od Caroprd111
Povolte, je to falešná detekce.

Re: Trojan: Win32/Malex.gen!E v Win 7 64

Napsal: 05 zář 2010 18:48
od kar1rak
Povolil jsem. Udělal vše podle návodu a v pořádku to proběhlo. Ccleaner v čističi našel něco ke smazání, to jsem povolil a znovu analyzoval a již nebylo nic nalezeno. Registry neměly žádný problém, používám TuneUp a ten to asi průběžně pročištuje.
Co je dle Vás lepší, TuneUp nebo ten Ccleaner na vyčištění počítače?
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz