FB virus, please help

Truker
Warning level 1
Posts: 16
Registered: 23 Aug 2011 18:46

FB virus, please help

#1 Post by Truker »

Here is the log.
Thanks for the advice.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mafie at 2011-08-23 20:27:39
Microsoft Windows 7 Ultimate
System drive C: has 241 GB (80%) free of 300 GB
Total RAM: 3326 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:27:42, on 23.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
F:\RSIT.exe
C:\Program Files\trend micro\Mafie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

--
End of file - 9415 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mafie\AppData\Roaming\Mozilla\Firefox\Profiles\2pr6jovm.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}"=C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
"{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}"=C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
"{d9284e50-81fc-11da-a72b-0800200c9a66}"=C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Mafie\AppData\Roaming\Mozilla\Firefox\Profiles\2pr6jovm.default\extensions\
DTToolbar@toolbarnet.com

C:\Users\Mafie\AppData\Roaming\Mozilla\Firefox\Profiles\2pr6jovm.default\searchplugins\
askcom.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-04-21 1000768]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"STCAgent"=C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-01-21 776064]
"ZyngaGamesAgent"=C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [2010-11-15 841544]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-11-02 9808488]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]
"Clownfish"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-23 20:17:47 ----D---- C:\Windows\ERDNT
2011-08-23 20:17:46 ----SD---- C:\ComboFix
2011-08-23 20:17:44 ----D---- C:\Qoobox
2011-08-23 20:17:40 ----SD---- C:\32788R22FWJFW
2011-08-23 20:12:00 ----D---- C:\Users\Mafie\AppData\Roaming\Malwarebytes
2011-08-23 20:11:46 ----D---- C:\ProgramData\Malwarebytes
2011-08-23 20:11:46 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-08-23 20:11:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-23 20:11:43 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-23 20:06:52 ----D---- C:\rsit
2011-08-23 20:06:52 ----D---- C:\Program Files\trend micro
2011-08-23 19:11:58 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-08-23 19:11:58 ----HD---- C:\Windows\update.tray-7-0
2011-08-23 19:09:05 ----D---- C:\Program Files\Google
2011-08-23 19:09:03 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-23 19:09:03 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-23 19:08:57 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-23 19:08:57 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-23 19:08:56 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-23 19:08:52 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-23 19:08:44 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-23 19:08:44 ----A---- C:\Windows\avastSS.scr
2011-08-23 19:03:43 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-23 19:03:16 ----HD---- C:\Windows\update.2
2011-08-23 19:03:05 ----A---- C:\Windows\iplist.txt
2011-08-23 19:02:40 ----A---- C:\Windows\front_ip_list.txt
2011-08-23 18:47:23 ----D---- C:\Windows\av_ico
2011-08-23 18:46:17 ----HD---- C:\Windows\update.1
2011-08-23 18:46:03 ----HD---- C:\Windows\update.tray-15-0
2011-08-23 18:46:02 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-08-23 18:46:02 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-08-23 18:46:02 ----HD---- C:\Windows\update.tray-14-0
2011-08-23 18:36:07 ----A---- C:\Windows\winlog-ids.txt
2011-08-23 18:36:07 ----A---- C:\Windows\winlog-dirs.txt
2011-08-22 20:24:46 ----A---- C:\Windows\system32\PnkBstrA.exe
2011-08-22 20:24:42 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2011-08-22 20:24:29 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-08-20 21:39:08 ----D---- C:\Windows\USB Vibration
2011-08-20 21:38:52 ----D---- C:\Program Files\usb vibration
2011-08-20 00:19:14 ----D---- C:\ProgramData\ATI
2011-08-20 00:19:12 ----D---- C:\Program Files\AMD APP
2011-08-14 10:45:07 ----D---- C:\Program Files\Apple Software Update
2011-08-13 15:32:08 ----D---- C:\Program Files\Clownfish
2011-08-10 17:25:15 ----D---- C:\ProgramData\Premium
2011-08-10 17:25:13 ----D---- C:\ProgramData\InstallMate
2011-08-10 15:29:13 ----D---- C:\Program Files\LogMeIn Hamachi
2011-08-10 10:24:58 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-08-10 10:24:58 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-08-10 10:24:58 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-08-10 10:24:58 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-08-10 10:24:58 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-08-10 10:24:57 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-08-10 10:24:56 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-08-10 10:24:56 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-08-10 10:24:56 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-08-10 10:24:56 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-08-10 10:24:56 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-08-10 10:24:55 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-08-10 10:24:54 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-08-10 10:24:53 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-08-10 10:24:52 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-08-10 10:24:52 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-08-10 10:24:52 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-08-10 10:24:52 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-08-10 10:24:51 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-08-10 10:24:50 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-08-10 10:24:50 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-08-10 10:24:50 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-08-10 10:24:50 ----A---- C:\Windows\system32\d3dx10.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\xinput1_2.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-08-10 10:24:49 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-08-10 10:24:48 ----A---- C:\Windows\system32\xinput1_1.dll
2011-08-10 10:24:48 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-08-10 10:24:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-08-10 10:24:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-08-10 10:24:43 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-08-10 10:24:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-08-10 10:24:42 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-08-10 10:21:52 ----D---- C:\Windows\system32\directx
2011-08-04 22:58:24 ----D---- C:\Users\Mafie\AppData\Roaming\.minecraft
2011-07-29 00:22:04 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2011-07-28 23:44:06 ----A---- C:\Windows\system32\atioglxx.dll
2011-07-28 23:40:58 ----A---- C:\Windows\system32\atiapfxx.exe
2011-07-28 23:36:26 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-07-28 23:35:52 ----A---- C:\Windows\system32\atieclxx.exe
2011-07-28 23:35:24 ----A---- C:\Windows\system32\atiesrxx.exe
2011-07-28 23:34:10 ----A---- C:\Windows\system32\atitmmxx.dll
2011-07-28 23:33:54 ----A---- C:\Windows\system32\atipdlxx.dll
2011-07-28 23:33:42 ----A---- C:\Windows\system32\Oemdspif.dll
2011-07-28 23:33:34 ----A---- C:\Windows\system32\atimuixx.dll
2011-07-28 23:33:26 ----A---- C:\Windows\system32\ati2edxx.dll
2011-07-28 23:11:42 ----A---- C:\Windows\system32\atiumdmv.dll
2011-07-28 23:11:14 ----A---- C:\Windows\system32\aticalrt.dll
2011-07-28 23:11:02 ----A---- C:\Windows\system32\aticalcl.dll
2011-07-28 23:07:24 ----A---- C:\Windows\system32\aticaldd.dll
2011-07-28 22:54:42 ----A---- C:\Windows\system32\atiadlxx.dll
2011-07-28 22:54:30 ----A---- C:\Windows\system32\atiglpxx.dll
2011-07-28 22:54:18 ----A---- C:\Windows\system32\atigktxx.dll
2011-07-28 22:53:46 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2011-07-28 22:52:26 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2011-07-28 22:51:04 ----A---- C:\Windows\system32\atimpc32.dll
2011-07-28 22:51:04 ----A---- C:\Windows\system32\amdpcom32.dll
2011-07-28 17:49:12 ----A---- C:\Windows\system32\OVDecode.dll
2011-07-28 17:48:36 ----A---- C:\Windows\system32\amdocl.dll
2011-07-25 21:21:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-07-25 21:21:39 ----A---- C:\Windows\system32\PresentationHost.exe
2011-07-25 21:21:39 ----A---- C:\Windows\system32\netfxperf.dll
2011-07-25 21:21:39 ----A---- C:\Windows\system32\mscoree.dll
2011-07-25 21:21:39 ----A---- C:\Windows\system32\dfshim.dll

======List of files/folders modified in the last 1 month======

2011-08-23 20:24:05 ----D---- C:\Windows\Temp
2011-08-23 20:22:15 ----D---- C:\Users\Mafie\AppData\Roaming\ICQ
2011-08-23 20:22:07 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-08-23 20:21:42 ----D---- C:\Windows\system32\drivers
2011-08-23 20:21:42 ----D---- C:\Windows\cs-CZ
2011-08-23 20:20:13 ----D---- C:\Windows
2011-08-23 20:16:18 ----SHD---- C:\Windows\Installer
2011-08-23 20:11:46 ----HD---- C:\ProgramData
2011-08-23 20:11:43 ----RD---- C:\Program Files
2011-08-23 20:09:39 ----D---- C:\Windows\system32\wdi
2011-08-23 19:31:39 ----D---- C:\Users\Mafie\AppData\Roaming\Skype
2011-08-23 19:17:20 ----D---- C:\Windows\System32
2011-08-23 19:17:17 ----SHD---- C:\System Volume Information
2011-08-23 19:16:34 ----D---- C:\Windows\Prefetch
2011-08-23 19:15:59 ----D---- C:\Program Files\Common Files\Adobe
2011-08-23 19:15:58 ----D---- C:\ProgramData\Adobe
2011-08-23 19:15:45 ----D---- C:\Windows\system32\catroot2
2011-08-23 19:09:15 ----D---- C:\Windows\Tasks
2011-08-23 19:09:15 ----D---- C:\Windows\system32\Tasks
2011-08-23 19:03:39 ----D---- C:\Windows\system32\drivers\etc
2011-08-23 18:46:16 ----D---- C:\Program Files\Microsoft Security Client
2011-08-23 18:45:01 ----D---- C:\Windows\system32\config
2011-08-22 23:37:15 ----D---- C:\Users\Mafie\AppData\Roaming\uTorrent
2011-08-22 20:16:28 ----D---- C:\Windows\system32\LogFiles
2011-08-21 18:09:37 ----D---- C:\Users\Mafie\AppData\Roaming\TS3Client
2011-08-21 18:09:17 ----D---- C:\Windows\Logs
2011-08-21 17:12:02 ----D---- C:\Program Files\Microsoft Games
2011-08-20 21:39:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-20 01:01:02 ----D---- C:\Windows\system32\catroot
2011-08-20 00:18:53 ----D---- C:\Program Files\ATI Technologies
2011-08-20 00:17:38 ----D---- C:\Windows\inf
2011-08-20 00:17:37 ----D---- C:\Windows\system32\DriverStore
2011-08-19 23:50:07 ----RSD---- C:\Windows\assembly
2011-08-19 20:17:02 ----D---- C:\Program Files\Mozilla Firefox
2011-08-10 10:25:22 ----D---- C:\Windows\winsxs
2011-08-05 12:19:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-04 00:58:31 ----RD---- C:\Program Files\Skype
2011-08-04 00:58:27 ----D---- C:\ProgramData\Skype
2011-08-03 19:36:42 ----D---- C:\Program Files\ICQ7.5
2011-07-30 14:46:00 ----SD---- C:\Users\Mafie\AppData\Roaming\Microsoft
2011-07-28 23:40:44 ----A---- C:\Windows\system32\aticfx32.dll
2011-07-28 23:30:26 ----A---- C:\Windows\system32\atidxx32.dll
2011-07-28 23:09:10 ----A---- C:\Windows\system32\atiumdag.dll
2011-07-28 23:03:58 ----A---- C:\Windows\system32\atiumdva.dll
2011-07-28 23:01:48 ----A---- C:\Windows\system32\coinst.dll
2011-07-28 22:53:14 ----A---- C:\Windows\system32\atiuxpag.dll
2011-07-28 22:53:00 ----A---- C:\Windows\system32\atiu9pag.dll
2011-07-26 20:12:59 ----D---- C:\Windows\Microsoft.NET
2011-07-25 21:24:13 ----D---- C:\Windows\system32\cs-CZ
2011-07-25 21:22:29 ----D---- C:\Windows\system32\en-US
2011-07-25 21:22:28 ----D---- C:\Program Files\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-05 218688]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-29 8396800]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-01-26 32256]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-01-26 52224]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-08-23 17488]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-11-02 3228712]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2010-05-25 204448]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 MpKsl61ee1188;MpKsl61ee1188; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F5B7664-858C-4716-969D-5DF1A3075FCB}\MpKsl61ee1188.sys []
S1 MpKsl9cb67d18;MpKsl9cb67d18; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31581FD1-987F-4567-9BA7-9CB036928A94}\MpKsl9cb67d18.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AODDriver;AODDriver; \??\C:\Program Files\Gigabyte\ET6\i386\AODDriver.sys [2010-03-12 36864]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2011-06-01 24944]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-08-22 66872]
R2 SCBackService;Splashtop Connect Service; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-05-27 2337144]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119366
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FB virus, please help

#2 Post by Rudy »

Do a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#3 Post by Truker »

Here it is :)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7546

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.8.2011 20:39:12
mbam-log-2011-08-23 (20-39-08).txt

Typ: Rychlá kontrola
Kontrolované objekty: 160931
Uplynulý čas: 2 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 10

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1522972.exe (Trojan.Agent) -> Value: 1522972.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1321694.exe (Trojan.Agent) -> Value: 1321694.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Users\Mafie\AppData\Local\Temp\1522972.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Users\Mafie\Desktop\ea-keygen-spr4t3kk.exe (RiskWare.Tool.CK) -> No action taken.
c:\Windows\Temp\1321694.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#4 Post by Truker »

What should I do next?

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#5 Post by Truker »

Sorry, here is the full scan

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7546

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.8.2011 21:00:23
mbam-log-2011-08-23 (21-00-20).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 243730
Uplynulý čas: 16 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 14

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1522972.exe (Trojan.Agent) -> Value: 1522972.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1321694.exe (Trojan.Agent) -> Value: 1321694.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Users\Mafie\AppData\Local\Temp\1522972.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Users\Mafie\Desktop\ea-keygen-spr4t3kk.exe (RiskWare.Tool.CK) -> No action taken.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-14-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-15-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\1321694.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#6 Post by Truker »

Please, what should I do with it?? Thank you for the help

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: FB virus, please help

#7 Post by motji »

Rudy, apologies for stepping in, I was asked by PM

Delete everything in MBAM.

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- close all running programs
- run the program; on Vista/Win 7 run it with the right mouse button - as administrator
- use option 2 - Enter
- then use options 3, 4 and 5 one after another
- post the logs here


:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
- rename combofix to potvůrka.com
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#8 Post by Truker »

2.

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mafie [Admin rights]
Mode: Remove -- Date : 08/23/2011 21:44:26

Bad processes: 0

Registry Entries: 4
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#9 Post by Truker »

3.

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mafie [Admin rights]
Mode: HOSTSFix -- Date : 08/23/2011 21:45:41

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
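An added defender-side example, not part of the original thread and not RogueKiller's own code: the Python script below parses a HOSTS file, flags public hostnames mapped to loopback or unspecified addresses (the pattern in the report above, where every facebook.com locale was pointed at 127.0.0.1, which is why the site "stopped working"), and rebuilds the file the way the HOSTSFix step did, keeping only the loopback entries. The sample file, the LOCAL_NAMES set and the 198.51.100.7 redirect line are constructed assumptions.

```python
"""Detect and strip HOSTS-file hijacks of the kind shown in the RogueKiller report.

Assumption: LOCAL_NAMES approximates the names a default HOSTS file may map to
loopback; any other name pointed at 127.0.0.1, ::1 or 0.0.0.0 is treated as a
block/hijack entry, and one pointed at any other address as a redirect to review.
"""
import ipaddress
from typing import List, Tuple

# Names that legitimately resolve to loopback (assumed default set, not exhaustive).
LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

# Constructed sample modelled on the HOSTS dump in the RogueKiller log above;
# the 198.51.100.7 line (a TEST-NET address) is an added redirect case.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1 localhost
::1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1\tcs-cz.facebook.com
0.0.0.0 en-gb.facebook.com
198.51.100.7 login.example.com   # redirect, not a blackhole
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for every non-comment, well-formed entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()                     # whitespace: spaces or tabs
        if len(parts) < 2:                       # blank, comment-only or malformed
            continue
        entries.append((parts[0], [p.lower() for p in parts[1:]]))
    return entries


def is_blackhole(addr: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:                           # garbage in the address column
        return False
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text: str) -> List[Tuple[str, str, str]]:
    """List (kind, address, hostname) for every non-local hostname in the file.

    kind is "blackhole" when the name is sunk to loopback/unspecified (the
    pattern that blocks a site, e.g. facebook.com -> 127.0.0.1) and "redirect"
    when it is sent to any other address.
    """
    findings = []
    for addr, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                continue
            kind = "blackhole" if is_blackhole(addr) else "redirect"
            findings.append((kind, addr, name))
    return findings


def clean_hosts(text: str) -> str:
    """Rebuild the file keeping comments, blank lines and local-name entries only.

    This mirrors what the HOSTSFix step did in the log above: the sample is
    reduced to its loopback entries. The function returns the cleaned text and
    never writes to disk.
    """
    kept = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if not parts:                            # comment or blank: harmless, keep
            kept.append(raw)
            continue
        if len(parts) < 2:                       # malformed entry: drop
            continue
        local = [p for p in parts[1:] if p.lower() in LOCAL_NAMES]
        if len(local) == len(parts) - 1:
            kept.append(raw)                     # every name is local: keep verbatim
        elif local:
            kept.append(f"{parts[0]} {' '.join(local)}")  # keep only the local names
        # a line with no local names at all is dropped entirely
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for kind, addr, name in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:9} {addr:14} {name}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On a Windows machine the input would be the contents of %SystemRoot%\System32\drivers\etc\hosts; the script only reports findings and returns a cleaned copy, so writing it back (with administrator rights) is a deliberate separate step.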

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#10 Post by Truker »

4.

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mafie [Admin rights]
Mode: ProxyFix -- Date : 08/23/2011 21:46:49

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#11 Post by Truker »

5.

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mafie [Admin rights]
Mode: DNSFix -- Date : 08/23/2011 21:47:20

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Truker
Warning Level 1
Posts: 16
Joined: 23 Aug 2011 18:46

Re: FB virus, please help

#12 Post by Truker »

ComboFix 11-08-23.03 - Mafie 23.08.2011 21:51:54.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3326.2152 [GMT 2:00]
Spuštěný z: c:\users\Mafie\Downloads\potvůrka.com.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.2
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-23 do 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 19:55 . 2011-08-23 19:55 -------- d-----w- c:\users\Mafie\AppData\Local\temp
2011-08-23 19:55 . 2011-08-23 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 19:50 . 2011-08-23 19:55 -------- d-----w- C:\potvůrka.com
2011-08-23 19:32 . 2011-08-23 19:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-23 18:38 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AECDA87-2F21-44C7-8110-590F5743F77B}\mpengine.dll
2011-08-23 18:12 . 2011-08-23 18:12 -------- d-----w- c:\users\Mafie\AppData\Roaming\Malwarebytes
2011-08-23 18:11 . 2011-08-23 18:11 -------- d-----w- c:\programdata\Malwarebytes
2011-08-23 18:11 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 18:11 . 2011-08-23 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 18:11 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 18:06 . 2011-08-23 18:27 -------- d-----w- c:\program files\trend micro
2011-08-23 18:06 . 2011-08-23 18:06 -------- d-----w- C:\rsit
2011-08-23 17:11 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-23 17:11 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-23 17:09 . 2011-08-23 17:09 -------- d-----w- c:\users\Mafie\AppData\Local\Google
2011-08-23 17:09 . 2011-08-23 17:09 -------- d-----w- c:\program files\Google
2011-08-23 17:09 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-23 17:09 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-23 17:08 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-23 17:08 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-23 17:08 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-23 17:08 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-23 17:08 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-23 17:08 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-23 16:47 . 2011-08-23 17:14 -------- d-----w- c:\windows\av_ico
2011-08-23 16:46 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-23 16:46 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-23 16:46 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-14-0
2011-08-23 16:46 . 2011-08-23 19:42 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-22 18:24 . 2011-08-22 18:24 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-08-22 18:24 . 2011-08-23 16:22 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-22 18:24 . 2011-08-23 16:22 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-22 18:24 . 2011-08-22 18:24 -------- d-----w- c:\users\Mafie\AppData\Local\PunkBuster
2011-08-22 17:34 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{497D31D5-8DA1-480D-A368-F745A261A19E}\mpengine.dll
2011-08-21 15:11 . 2011-08-21 15:11 -------- d-----w- c:\users\Mafie\AppData\Local\Microsoft Games
2011-08-20 19:39 . 2011-08-20 19:39 -------- d-----w- c:\windows\USB Vibration
2011-08-20 19:38 . 2002-08-02 00:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-08-20 19:38 . 2011-08-20 19:38 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-08-20 19:38 . 2011-08-20 19:38 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-08-20 19:38 . 2002-08-05 08:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-08-20 19:38 . 2002-08-02 01:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-08-20 19:38 . 2002-08-02 00:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-08-20 19:38 . 2002-08-02 00:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-08-20 19:38 . 2011-08-20 19:38 -------- d-----w- c:\program files\usb vibration
2011-08-19 22:22 . 2011-08-19 22:40 -------- d-----w- c:\users\Mafie\AppData\Local\Wheelman
2011-08-19 22:22 . 2011-08-19 22:22 -------- d-----w- c:\users\Mafie\AppData\Local\PC
2011-08-19 22:19 . 2011-08-19 22:19 -------- d-----w- c:\programdata\ATI
2011-08-19 22:19 . 2011-08-19 22:19 -------- d-----w- c:\program files\AMD APP
2011-08-14 08:45 . 2011-08-14 08:45 -------- d-----w- c:\program files\Apple Software Update
2011-08-13 13:32 . 2011-08-13 13:32 -------- d-----w- c:\program files\Clownfish
2011-08-11 16:15 . 2011-05-05 15:07 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FA3ECF4-F246-4B76-9C06-BF66A1633E74}\gapaengine.dll
2011-08-10 15:25 . 2011-08-10 15:25 -------- d-----w- c:\programdata\Premium
2011-08-10 15:25 . 2011-08-10 15:26 -------- d-----w- c:\programdata\InstallMate
2011-08-10 13:29 . 2011-08-10 13:29 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-04 20:58 . 2011-08-04 21:01 -------- d-----w- c:\users\Mafie\AppData\Roaming\.minecraft
2011-07-28 22:22 . 2011-07-28 22:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:35 . 2011-07-28 21:35 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-28 20:53 . 2011-07-28 20:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-28 15:49 . 2011-07-28 15:49 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-28 15:48 . 2011-07-28 15:48 13555712 ----a-w- c:\windows\system32\amdocl.dll
2011-07-25 19:21 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-25 19:21 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-25 19:21 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-25 19:21 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-25 19:21 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 19:43 . 2011-05-05 15:47 17488 ----a-w- c:\windows\gdrv.sys
2011-08-12 02:44 . 2011-05-07 16:17 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-28 21:40 . 2011-04-06 02:03 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-28 21:30 . 2011-04-06 01:53 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-28 21:09 . 2011-04-06 01:35 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-28 21:03 . 2011-04-06 01:26 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-28 21:01 . 2011-04-06 01:28 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:53 . 2011-04-06 01:20 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-28 20:53 . 2011-04-06 01:20 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-10 20:26 . 2011-07-10 20:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-01 10:43 . 2011-05-05 15:47 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-08-19 18:16 . 2011-05-05 19:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
2011-01-21 07:39 345968 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STC.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl61ee1188;MpKsl61ee1188;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F5B7664-858C-4716-969D-5DF1A3075FCB}\MpKsl61ee1188.sys [x]
R1 MpKsl9cb67d18;MpKsl9cb67d18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31581FD1-987F-4567-9BA7-9CB036928A94}\MpKsl9cb67d18.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2010-03-12 36864]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2011-06-01 24944]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-05 218688]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-05-27 2337144]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 32256]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 52224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 17:09]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Mafie\AppData\Roaming\Mozilla\Firefox\Profiles\2pr6jovm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-Clownfish - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-{3604BFF4-6EC8-44D6-B147-92C2D642FEDE} - c:\program files\InstallShield Installation Information\{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-23 21:57:01
ComboFix-quarantined-files.txt 2011-08-23 19:57
.
Pre-Run: 252 584 169 472 bytes free
Post-Run: 252 303 708 160 bytes free
.
- - End Of File - - 2F282DC2B97667F9D23C5B6C24ECDED7
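The log above is what a helper reads by hand before writing a fix script. The following is an added example (not ComboFix's code and not from anyone in this thread) that does the same triage mechanically: it groups the bracketed registry keys of the log with their values, pulls the Run autostarts, the URLSearchHook and Browser Helper Object CLSIDs, the `uStart Page` line, and compares the printed UAC policy values against defaults. `SAMPLE_LOG` is a constructed excerpt of the posted log; the Windows 7 defaults in `UAC_DEFAULTS` and the approved home-page hosts in `APPROVED_HOSTS` are assumptions of this example, not facts stated by the log.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix or forum code).

Parses the sections ComboFix prints (bracketed registry keys with their values,
and the 'uStart Page' line of the supplementary scan) and reports what a helper
would act on. SAMPLE_LOG is a constructed excerpt of the posted log; the UAC
defaults and the approved home-page hosts are assumptions of this example.
"""
import re

# Constructed excerpt of the posted log (a handful of lines, copied verbatim).
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
2011-01-21 07:39 345968 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STC.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
STAMP_RE = re.compile(r'\s*\[[^\]]*\]$')        # trailing "[date size]" stamp


def parse_sections(text):
    """Group the log into {lowercased_key: [(value_name, data), ...]}.

    A '.' line ends the current block, as in ComboFix output. Lines under a key
    that do not start with a quote (e.g. the BHO module stamp) are kept with an
    empty name so nothing is dropped.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key').lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        if line.startswith('"'):
            name, _, rest = line[1:].partition('"')
            data = STAMP_RE.sub('', rest.lstrip(' =')).strip().strip('"')
            sections[current].append((name, data))
        else:
            sections[current].append(('', line))
    return sections


# Windows 7 defaults for the UAC values ComboFix prints (assumption of this example).
UAC_DEFAULTS = {
    'ConsentPromptBehaviorUser': 3,
    'EnableSecureUIAPaths': 1,
    'EnableUIADesktopToggle': 0,
    'PromptOnSecureDesktop': 1,
}
POLICY_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'


def weakened_uac(sections):
    """Return {name: (actual, default)} for UAC policy values that are off their default."""
    diffs = {}
    for name, data in sections.get(POLICY_KEY, []):
        if name in UAC_DEFAULTS:
            actual = int(data.split()[0])
            if actual != UAC_DEFAULTS[name]:
                diffs[name] = (actual, UAC_DEFAULTS[name])
    return diffs


def run_entries(sections):
    """Every Run-key autostart (HKLM and HKCU) as {name: path}."""
    runs = {}
    for key, entries in sections.items():
        if key.endswith(r'\currentversion\run'):
            runs.update(dict(entries))
    return runs


def browser_hooks(sections):
    """URLSearchHooks and Browser Helper Objects as {CLSID: module line}."""
    hooks = {}
    for key, entries in sections.items():
        if key.endswith('\\urlsearchhooks'):
            for clsid, dll in entries:
                hooks[clsid.upper()] = dll
        elif '\\browser helper objects\\' in key:
            clsid = key.rsplit('\\', 1)[-1].upper()
            hooks[clsid] = entries[0][1] if entries else ''
    return hooks


APPROVED_HOSTS = ('www.seznam.cz', 'about:blank')   # assumption of this example


def unexpected_start_page(text):
    """Return the IE start page when its host is not approved, else None."""
    m = re.search(r'^uStart Page = (\S+)', text, re.M)
    if not m:
        return None
    url = m.group(1)
    host = url.split('://', 1)[-1].split('/', 1)[0]
    return None if host in APPROVED_HOSTS else url


def triage(text):
    """One-shot report of the items a helper would turn into a fix script."""
    sections = parse_sections(text)
    return {
        'weak_uac': weakened_uac(sections),
        'autostarts': run_entries(sections),
        'browser_hooks': browser_hooks(sections),
        'start_page': unexpected_start_page(text),
    }


if __name__ == '__main__':
    for item, value in triage(SAMPLE_LOG).items():
        print(item, value)
```

Run against the excerpt it reports two UAC values below their default (`EnableSecureUIAPaths` and `PromptOnSecureDesktop` both 0), the three autostarts, the Splashtop search hook and BHO CLSIDs, and the ask.com start page that the moderator's script later resets.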

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: FB virus, please help

#13 Post by motji »

:arrow: If it is not there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Folder::
c:\windows\av_ico
c:\windows\update.tray-15-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

DDS::
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
-save the TXT file you created as CFScript.txt on the desktop
-once saved, grab the script you created with the left mouse button and drag it over the ComboFix icon, then drop it there:



-after it runs, another log will pop up; post it here

Warning: it can happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here


I am usually available at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
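A CFScript is applied by dropping a text file on ComboFix, so a stray character is easy to miss until the next log comes back. The following is an added example (not ComboFix's code and not the moderator's script) that lints such a file before it is used. The checks encode only the conventions visible in the script posted above, and it is an assumption of this example that ComboFix requires them: section headers end in `::`, `Registry::` keys are regedit-style `[key]` or `[-key]` lines, values are `"name"=-`, `"name"="data"` or `"name"=dword:xxxxxxxx`, `Folder::`/`File::` entries are absolute drive paths, and no line is indented. `POSTED_SCRIPT` is a constructed excerpt of the script as it appeared in the post (with its unbracketed key line and indented folder path); `FIXED_SCRIPT` is the same excerpt corrected.

```python
"""Lint a ComboFix CFScript before dropping it on ComboFix.

Added example, not ComboFix's code or the moderator's script. The checks are
the conventions visible in the posted script, assumed here to be required.
"""
import re

KEY_LINE = re.compile(r'^\[-?HKEY_[A-Z_]+\\.*\]$')
VALUE_LINE = re.compile(r'^"[^"]+"=(-|".*"|dword:[0-9a-fA-F]{8})$')
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def lint_cfscript(text):
    """Return [(line_no, message), ...] for lines that do not fit the conventions."""
    problems, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0].isspace():
            problems.append((n, 'leading whitespace'))
        line = raw.strip()
        if line.endswith('::'):
            section = line[:-2]          # Folder, File, Registry, DDS, ...
            continue
        if section is None:
            problems.append((n, 'line before any section header'))
        elif section == 'Registry':
            if line.startswith('['):
                if not KEY_LINE.match(line):
                    problems.append((n, 'malformed registry key line'))
            elif line.startswith('"'):
                if not VALUE_LINE.match(line):
                    problems.append((n, 'malformed registry value line'))
            else:
                problems.append((n, 'registry line is neither [key] nor "value"'))
        elif section in ('Folder', 'File') and not DRIVE_PATH.match(line):
            problems.append((n, 'path is not an absolute drive path'))
    return problems


# Constructed excerpt of the script as posted: one folder path is indented and
# the URLSearchHooks key is missing its opening bracket.
POSTED_SCRIPT = r"""Folder::
c:\windows\av_ico
 c:\windows\update.tray-15-0-lnk

Registry::
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

DDS::
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
"""

# The same excerpt with both defects corrected.
FIXED_SCRIPT = r"""Folder::
c:\windows\av_ico
c:\windows\update.tray-15-0-lnk

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

DDS::
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
"""

if __name__ == '__main__':
    for name, script in (('posted', POSTED_SCRIPT), ('fixed', FIXED_SCRIPT)):
        print(name, lint_cfscript(script))
```

On the posted excerpt the linter reports the indented folder line and the key line that lacks its `[`; the corrected excerpt passes clean. The `DDS::` section is deliberately left unchecked, since its lines are free-form log entries rather than registry syntax.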
