Page 1 of 2

VIRUS - FACEBOOK

Posted: 31 Oct 2011 23:51
by frankidostal
please help.. here is the log. I wanted to ask whether it is safe to use the PC at the moment, or only in offline mode?
thank you very much for the help


Logfile of random's system information tool 1.09 (written by random/random)
Run by bHee at 2011-10-31 23:39:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 7 GB (3%) free of 238 GB
Total RAM: 8183 MB (79% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\ASUS.SYS\config\DVMExportService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Program Files (x86)\EXPERTool\TBPANEL.exe" /A
"C:\Users\bHee\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\update.tray-7-0\svchost.exe"
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\update.1\svchost.exe srv
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\bHee\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\bHee\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/InstantControl1/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=1968.02FB86E0.20898235 --ignored=" --type=renderer " /prefetch:3
"C:\Users\bHee\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\bHee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll" --lang=cs --channel=1968.071B9A80.1302188231 /prefetch:4
"C:\Users\bHee\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/InstantControl1/Prefetch/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=1968.070F0B00.965837718 /prefetch:3
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5e2c4575-47fe-4932-949a-d9d7ac2759ea -SystemEventPortName:HostProcess-4069e982-d602-480c-b3c9-4d07efadc451 -IoCancelEventPortName:HostProcess-6925762e-841f-497d-960f-18f8732116c1 -NonStateChangingEventPortName:HostProcess-e03327fe-db16-4fda-92c7-4606eabeb487 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a7d31e36-bc55-4f2c-9055-8887bd083335
"G:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
-skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\bHee\AppData\Local\Temp\NDF2626.tmp -ep NetworkDiagnosticsGenericNetConnection
C:\Windows\System32\sdiagnhost.exe -Embedding
\??\C:\Windows\system32\conhost.exe "-1890678402-1377862719-18956526051284527735813394350-1170887709-1974123667-753721786

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2011-09-12 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll [2011-05-09 176936]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2011-09-12 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2011-09-28 2775728]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-09-28 3609776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-08-02 1242448]
"GAINWARD"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2010-09-02 2181744]
"AdobeBridge"= []
"Google Update"=C:\Users\bHee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-04 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\bHee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-03-01 119608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-04-27 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [2010-07-13 906648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-09-12 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"wxpdrv"=C:\Windows\services32.exe [2011-10-31 1204736]
"5767906.exe"=C:\Users\bHee\AppData\Local\Temp\5767906.exe [2011-10-31 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-31 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-31 258048]
"6726074.exe"=C:\Users\bHee\AppData\Local\Temp\6726074.exe [2011-10-31 258048]
"3225997.exe"=C:\Windows\Temp\3225997.exe [2011-10-31 258048]
"3336949.exe"=C:\Windows\Temp\3336949.exe [2011-10-31 1942528]
"5320261.exe"=C:\Windows\Temp\5320261.exe [2011-10-31 258048]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-10-31 1204736]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-31 23:39:46 ----D---- C:\Program Files\trend micro
2011-10-31 23:39:44 ----D---- C:\rsit
2011-10-31 22:55:18 ----D---- C:\Windows\av_ico
2011-10-31 22:53:24 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-10-31 22:53:24 ----HD---- C:\Windows\update.tray-7-0
2011-10-31 22:51:25 ----A---- C:\Windows\winlog-ids.txt
2011-10-31 22:51:25 ----A---- C:\Windows\winlog-dirs.txt
2011-10-31 22:48:47 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-10-31 22:48:46 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-10-31 22:48:42 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-10-31 22:48:41 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-10-31 22:48:40 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-10-31 22:48:38 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-10-31 22:48:37 ----A---- C:\Windows\system32\aswBoot.exe
2011-10-31 22:47:20 ----A---- C:\Windows\avastSS.scr
2011-10-31 22:47:19 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-10-31 22:37:56 ----D---- C:\Program Files (x86)\Crawler
2011-10-31 22:37:48 ----D---- C:\Users\bHee\AppData\Roaming\Spyware Terminator
2011-10-31 22:37:48 ----D---- C:\ProgramData\Spyware Terminator
2011-10-31 22:37:48 ----A---- C:\Windows\system32\drivers\stflt.sys
2011-10-31 22:36:25 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-10-31 18:18:56 ----D---- C:\Windows\system32\Macromed
2011-10-31 17:59:23 ----SHD---- C:\Windows\system32\%APPDATA%
2011-10-31 17:57:35 ----D---- C:\Windows\ufa
2011-10-31 17:57:35 ----D---- C:\Windows\rpcminer
2011-10-31 17:57:35 ----D---- C:\Windows\phoenix
2011-10-31 17:56:12 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-31 17:55:23 ----HD---- C:\Windows\update.5.0
2011-10-31 17:53:28 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-31 17:52:57 ----HD---- C:\Windows\update.2
2011-10-31 17:47:11 ----A---- C:\Windows\unrar.exe
2011-10-31 17:45:57 ----A---- C:\Windows\iplist.txt
2011-10-31 17:45:55 ----A---- C:\Windows\sysdriver32_.exe
2011-10-31 17:45:41 ----A---- C:\Windows\sysdriver32.exe
2011-10-31 17:45:16 ----A---- C:\Windows\front_ip_list.txt
2011-10-31 17:45:10 ----HD---- C:\Windows\update.1
2011-10-31 17:45:10 ----A---- C:\Windows\services32.exe
2011-10-31 12:15:04 ----D---- C:\Users\bHee\AppData\Roaming\GHISLER
2011-10-31 12:15:04 ----D---- C:\totalcmd
2011-10-31 12:15:04 ----A---- C:\Windows\UC.PIF
2011-10-31 12:15:04 ----A---- C:\Windows\RAR.PIF
2011-10-31 12:15:04 ----A---- C:\Windows\PKZIP.PIF
2011-10-31 12:15:04 ----A---- C:\Windows\PKUNZIP.PIF
2011-10-31 12:15:04 ----A---- C:\Windows\LHA.PIF
2011-10-31 12:15:04 ----A---- C:\Windows\ARJ.PIF
2011-10-25 23:51:19 ----D---- C:\Users\bHee\AppData\Roaming\Mozilla-Cache
2011-10-25 23:50:26 ----D---- C:\Programs
2011-10-13 23:01:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-13 23:01:41 ----A---- C:\Windows\system32\ieframe.dll
2011-10-13 23:01:40 ----A---- C:\Windows\system32\mshtml.dll
2011-10-13 23:01:39 ----A---- C:\Windows\system32\wininet.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-13 23:01:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\urlmon.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\msfeeds.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\ieui.dll
2011-10-13 23:01:38 ----A---- C:\Windows\system32\iertutil.dll
2011-10-13 23:01:37 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-13 23:01:37 ----A---- C:\Windows\system32\url.dll
2011-10-13 22:38:11 ----A---- C:\Windows\system32\win32k.sys
2011-10-13 22:27:18 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-13 22:27:18 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-13 22:25:05 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-13 22:25:05 ----A---- C:\Windows\system32\oleacc.dll
2011-10-13 22:25:04 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-13 22:25:04 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-05 20:59:55 ----D---- C:\Program Files (x86)\In The Money

======List of files/folders modified in the last 1 month======

2011-10-31 23:40:39 ----D---- C:\Windows\Temp
2011-10-31 23:39:46 ----RD---- C:\Program Files
2011-10-31 23:19:57 ----D---- C:\Windows\System32
2011-10-31 23:19:57 ----D---- C:\Windows\inf
2011-10-31 23:19:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-31 23:14:34 ----D---- C:\Program Files (x86)\Steam
2011-10-31 23:14:03 ----D---- C:\ProgramData\NVIDIA
2011-10-31 22:55:18 ----D---- C:\Windows
2011-10-31 22:48:47 ----D---- C:\Windows\system32\drivers
2011-10-31 22:48:37 ----D---- C:\Windows\SysWOW64
2011-10-31 22:48:36 ----SHD---- C:\Windows\Installer
2011-10-31 22:48:35 ----SHD---- C:\Config.Msi
2011-10-31 22:48:27 ----D---- C:\Windows\winsxs
2011-10-31 22:47:47 ----D---- C:\Windows\system32\config
2011-10-31 22:47:15 ----HD---- C:\ProgramData
2011-10-31 22:47:10 ----SHD---- C:\System Volume Information
2011-10-31 22:37:56 ----RD---- C:\Program Files (x86)
2011-10-31 22:21:14 ----D---- C:\Users\bHee\AppData\Roaming\BitTorrent
2011-10-31 20:05:56 ----D---- C:\Users\bHee\AppData\Roaming\ICQ
2011-10-31 17:53:29 ----D---- C:\Windows\system32\drivers\etc
2011-10-31 17:45:16 ----D---- C:\Windows\Prefetch
2011-10-31 16:32:24 ----D---- C:\Windows\system32\NDF
2011-10-30 08:31:38 ----D---- C:\Windows\system32\catroot2
2011-10-27 18:52:19 ----D---- C:\Betfair
2011-10-26 17:24:15 ----D---- C:\bwinPoker
2011-10-26 08:31:04 ----D---- C:\Program Files\Internet Explorer
2011-10-26 08:31:04 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-26 07:54:57 ----D---- C:\Windows\system32\catroot
2011-10-25 23:51:56 ----D---- C:\Program Files (x86)\BitTorrentBar
2011-10-18 09:08:26 ----D---- C:\Users\bHee\AppData\Roaming\Skype
2011-10-14 18:08:29 ----RSD---- C:\Windows\assembly
2011-10-14 18:08:29 ----D---- C:\Windows\Microsoft.NET
2011-10-14 14:21:35 ----D---- C:\Windows\SYSWOW64\migration
2011-10-14 14:21:35 ----D---- C:\Windows\system32\migration
2011-10-14 14:21:35 ----D---- C:\Windows\ehome
2011-10-14 06:37:18 ----A---- C:\Windows\system32\MRT.exe
2011-10-10 19:00:30 ----SD---- C:\Users\bHee\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-03-16 43168]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2011-10-31 51496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
S2 aswFsBlk;aswFsBlk; aswFsBlk.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-03-16 310728]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 dump_wmimmc;dump_wmimmc; \??\c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 108296]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 19720]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 144648]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 126216]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 31496]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 123656]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 130312]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-07-17 319488]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-31 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-31 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-10-31 258048]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-31 1204736]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-04 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-27 934176]
S3 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.5\my.ini MySQL []
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-06-06 4005936]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2010-04-02 73728]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-12 419624]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-05 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: VIRUS - FACEBOOK

Posted: 01 Nov 2011 08:17
by cernohous13
Welcome to the forum

you can stay online and in normal mode :wink:
:arrow: download and run http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
choose option 2 - copy the generated log here

repeat with options 3 and 4 (give me the logs)
:arrow: Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Run > on the 3rd tab "Update" > Check for updates
then on the 1st tab "Scanner" -> Full scan -> Scan
when finished -> Show results -> check that everything is ticked -> Remove selected
a log will pop up containing entries of this type:
Infected folders:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one :)

Re: VIRUS - FACEBOOK

Posted: 01 Nov 2011 08:51
by frankidostal
OPTION 2

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: bHee [Admin rights]
Mode: Remove -- Date : 11/01/2011 08:50:28

Bad processes: 15
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED

Registry Entries: 11
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 08:52
by frankidostal
OPTION No. 3




RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: bHee [Admin rights]
Mode: HOSTSFix -- Date : 11/01/2011 08:51:33

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
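As an added example (not part of this thread and not RogueKiller's own code), here is a small Python check that does what the HOSTSFix step in the report above did: it reads a HOSTS file, flags every entry that sinks a public hostname such as facebook.com to a loopback or unspecified address, and rebuilds the file with only the legitimate loopback names (localhost and friends) left in place. The sample HOSTS content is constructed, modelled on the report above; the function names and the list of legitimate loopback names are my assumptions.

```python
"""Detect and undo HOSTS-file hijacks of the kind shown in the RogueKiller report."""
import ipaddress
from typing import List, Tuple

# Names that legitimately map to loopback in a stock HOSTS file (assumed list).
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Addresses used to "sink" a hostname so the real site becomes unreachable.
SINK_NETWORKS = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("::/128"),
)


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, [hostnames]) for each active entry; comments are ignored."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or malformed line without a hostname
        entries.append((no, parts[0], parts[1:]))
    return entries


def is_sink_address(addr: str) -> bool:
    """True if addr is a loopback/unspecified address (IPv4 or IPv6)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal at all; leave it to the human
    return any(ip in net for net in SINK_NETWORKS)


def find_hijacked(text: str) -> List[Tuple[int, str, str]]:
    """Entries that redirect a non-local hostname to a sink address: (line_no, addr, name)."""
    hits = []
    for no, addr, names in parse_hosts(text):
        if not is_sink_address(addr):
            continue
        for name in names:
            if name.lower() not in LEGIT_LOOPBACK_NAMES:
                hits.append((no, addr, name))
    return hits


def clean_hosts(text: str) -> str:
    """Rebuild the file: drop hijacked names only, keep comments and genuine entries."""
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        parts = body.split()
        if len(parts) >= 2 and is_sink_address(parts[0]):
            keep = [n for n in parts[1:] if n.lower() in LEGIT_LOOPBACK_NAMES]
            if not keep:
                continue  # the whole line was a hijack
            raw = " ".join([parts[0]] + keep) + (" #" + comment if sep else "")
        out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample, modelled on the HOSTS section of the RogueKiller report above.
SAMPLE_HOSTS = """# Constructed sample HOSTS file
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
0.0.0.0 cs-cz.facebook.com
::1 localhost
192.168.1.10 intranet.example   # constructed LAN entry, not a hijack
"""

if __name__ == "__main__":
    for no, addr, name in find_hijacked(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {addr}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts; on this machine the report shows the hijack, and the HOSTSFix run above left only the `127.0.0.1 localhost` line, which is also what `clean_hosts` produces for a file that contains nothing else legitimate.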

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 08:52
by frankidostal
OPTION No. 4




RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: bHee [Admin rights]
Mode: ProxyFix -- Date : 11/01/2011 08:52:26

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 08:56
by cernohous13
excellent :thumbsup:
we continue with ComboFix
Download :arrow: : ComboFix
and save it to your desktop.
instructions for use: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Decline the download of the Console...
- Then follow the prompts; while ComboFix is running, don't click in its window and don't start anything
- When the scan completes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If your system won't boot after using ComboFix, press F8 during the restart and choose Last Known Good Configuration

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 09:45
by frankidostal
Coming right up, I'll just let MBAM finish and then post the log here

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 10:48
by frankidostal
here is the log from MBAM


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8058

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

1.11.2011 10:48:10
mbam-log-2011-11-01 (10-48-10).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 446196
Uplynulý čas: 1 hodin, 23 minut, 54 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 11
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 41

Infikované procesy v paměti:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 1668 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unibetpoker (Poker) (PUP.Casino.Gen) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5767906.exe (Trojan.Agent) -> Value: 5767906.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6726074.exe (Trojan.Agent) -> Value: 6726074.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3225997.exe (Trojan.Agent) -> Value: 3225997.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5320261.exe (Trojan.Agent) -> Value: 5320261.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3336949.exe (Trojan.Agent) -> Value: 3336949.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and deleted successfully.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\bHee\AppData\Local\Temp\5767906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\bHee\AppData\Local\Temp\6726074.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3225997.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5320261.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\microgaming\Poker\unibetpokermpp\install.exe (PUP.Casino.Gen) -> Not selected for removal.
c:\Users\bHee\Desktop\rk_quarantine\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\bHee\Desktop\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\bHee\downloads\flash-player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\bHee\downloads\Unibet.exe (PUP.Casino.Gen) -> Not selected for removal.
c:\Windows\assembly\tmp\U\800000c0.@ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\b3b80a96\X (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\b3b80a96\X (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\73505_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\9502609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3336949.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4358250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9922623.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\548553152.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.


and now I'll get to the rest

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 11:24
by frankidostal
Here is the ComboFix log


ComboFix 11-11-01.02 - bHee 01.11.2011 11:02:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.8183.6540 [GMT 1:00]
Spuštěný z: c:\users\bHee\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-01 do 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 10:12 . 2011-11-01 10:12 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-01 10:12 . 2011-11-01 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\users\bHee\AppData\Roaming\Malwarebytes
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\programdata\Malwarebytes
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 07:54 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-31 22:41 . 2011-10-31 22:41 -------- d-----w- c:\users\bHee\AppData\Local\ElevatedDiagnostics
2011-10-31 22:39 . 2011-10-31 22:39 -------- d-----w- c:\program files\trend micro
2011-10-31 22:39 . 2011-10-31 22:40 -------- d-----w- C:\rsit
2011-10-31 21:53 . 2011-11-01 09:48 -------- d--h--w- c:\windows\update.tray-7-0
2011-10-31 21:53 . 2011-11-01 09:48 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-10-31 21:48 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-31 21:48 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-31 21:48 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-31 21:48 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-31 21:48 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-31 21:48 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-31 21:48 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-31 21:47 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-31 21:47 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-31 21:37 . 2011-10-31 21:37 -------- d-----w- c:\program files (x86)\Crawler
2011-10-31 21:37 . 2011-11-01 09:51 -------- d-----w- c:\programdata\Spyware Terminator
2011-10-31 21:37 . 2011-10-31 21:37 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-10-31 21:37 . 2011-10-31 21:37 -------- d-----w- c:\users\bHee\AppData\Roaming\Spyware Terminator
2011-10-31 21:36 . 2011-10-31 21:38 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-10-31 19:16 . 2011-10-31 19:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-31 17:18 . 2011-10-31 17:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-31 16:59 . 2011-10-31 16:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-31 16:57 . 2011-11-01 09:48 -------- d-----w- c:\windows\ufa
2011-10-31 16:47 . 2011-10-31 21:56 246272 ----a-w- c:\windows\unrar.exe
2011-10-31 11:15 . 2011-10-31 11:15 -------- d-----w- c:\users\bHee\AppData\Roaming\GHISLER
2011-10-31 11:15 . 2011-10-31 11:15 -------- d-----w- C:\totalcmd
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\UC.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\RAR.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\LHA.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\ARJ.PIF
2011-10-28 12:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E368B4A-00EB-4C3C-8AC0-948F0DFEC0A9}\mpengine.dll
2011-10-26 06:55 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 06:55 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-25 22:51 . 2011-10-25 22:51 -------- d-----w- c:\users\bHee\AppData\Local\Conduit
2011-10-25 22:51 . 2011-10-25 22:51 -------- d-----w- c:\users\bHee\AppData\Roaming\Mozilla-Cache
2011-10-25 22:50 . 2011-10-25 22:50 -------- d-----w- C:\Programs
2011-10-13 21:38 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 21:27 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 21:27 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 21:27 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 21:27 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 21:25 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:25 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 21:25 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:25 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-05 20:00 . 2011-10-05 20:00 -------- d-----w- c:\users\bHee\AppData\Local\In_The_Money_LLC
2011-10-05 19:59 . 2011-10-05 20:10 -------- d-----w- c:\users\bHee\AppData\Local\In The Money
2011-10-05 19:59 . 2011-10-05 19:59 -------- d-----w- c:\program files (x86)\In The Money
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-04 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 19:26]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 19:26]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000Core.job
- c:\users\bHee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 15:24]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000UA.job
- c:\users\bHee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 15:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-09-28 2775728]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-09-28 3609776]
"combofix"="c:\combofix\CF3305.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\users\bHee\Desktop\PartyCasino.lnk
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-HijackThis - G:\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2011-11-01 11:20:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-01 10:20
.
Před spuštěním: 9 587 851 264 bytes free
Po spuštění: 6 052 417 536 bytes free
.
- - End Of File - - 5384CE95D14294F762423FAFCB8A271E

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 12:00
by cernohous13
:arrow: Open Notepad and copy the whole green text from the "CFscript".
Save the file to the desktop as CFscript.txt, then drag its icon with the mouse onto the ComboFix icon and release it there.
ComboFix will start; wait for the log and paste it here.
CFscript


KillAll::

File::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000UA.job

Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\ufa

Registry::
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Malwarebytes' Anti-Malware"=-
"Malwarebytes' Anti-Malware (reboot)"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
"SpywareTerminatorShield"=-

Driver::
gupdatem

RegLock::
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{]
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{\OpenWithList]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
:arrow: if you insist on keeping Unibet.exe (PUP.Casino.Gen), that's your choice :(
the same goes for using P2P networks

:arrow: You'll have to reinstall Avast; it has been damaged by the virus and is probably not working

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 12:44
by frankidostal
ComboFix 11-11-01.02 - bHee 01.11.2011 12:15:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.8183.6469 [GMT 1:00]
Spuštěný z: c:\users\bHee\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\bHee\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000UA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-59840897-2483838298-1148384619-1000UA.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-01 do 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 11:25 . 2011-11-01 11:25 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-01 11:25 . 2011-11-01 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\users\bHee\AppData\Roaming\Malwarebytes
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\programdata\Malwarebytes
2011-11-01 07:54 . 2011-11-01 07:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 07:54 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-31 22:41 . 2011-10-31 22:41 -------- d-----w- c:\users\bHee\AppData\Local\ElevatedDiagnostics
2011-10-31 22:39 . 2011-10-31 22:39 -------- d-----w- c:\program files\trend micro
2011-10-31 22:39 . 2011-10-31 22:40 -------- d-----w- C:\rsit
2011-10-31 21:48 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-31 21:48 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-31 21:48 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-31 21:48 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-31 21:48 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-31 21:48 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-31 21:48 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-31 21:47 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-31 21:47 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-31 21:37 . 2011-10-31 21:37 -------- d-----w- c:\program files (x86)\Crawler
2011-10-31 21:37 . 2011-11-01 09:51 -------- d-----w- c:\programdata\Spyware Terminator
2011-10-31 21:37 . 2011-10-31 21:37 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-10-31 21:37 . 2011-10-31 21:37 -------- d-----w- c:\users\bHee\AppData\Roaming\Spyware Terminator
2011-10-31 21:36 . 2011-10-31 21:38 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-10-31 19:16 . 2011-10-31 19:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-31 17:18 . 2011-10-31 17:18 -------- d-----w- c:\windows\system32\Macromed
2011-10-31 16:59 . 2011-10-31 16:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-31 11:15 . 2011-10-31 11:15 -------- d-----w- c:\users\bHee\AppData\Roaming\GHISLER
2011-10-31 11:15 . 2011-10-31 11:15 -------- d-----w- C:\totalcmd
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\UC.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\RAR.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\LHA.PIF
2011-10-31 11:15 . 2011-10-21 07:00 545 ----a-w- c:\windows\ARJ.PIF
2011-10-28 12:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E368B4A-00EB-4C3C-8AC0-948F0DFEC0A9}\mpengine.dll
2011-10-26 06:55 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 06:55 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-25 22:51 . 2011-10-25 22:51 -------- d-----w- c:\users\bHee\AppData\Local\Conduit
2011-10-25 22:51 . 2011-10-25 22:51 -------- d-----w- c:\users\bHee\AppData\Roaming\Mozilla-Cache
2011-10-25 22:50 . 2011-10-25 22:50 -------- d-----w- C:\Programs
2011-10-13 21:38 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 21:27 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 21:27 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 21:27 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 21:27 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 21:25 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:25 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 21:25 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:25 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-05 20:00 . 2011-10-05 20:00 -------- d-----w- c:\users\bHee\AppData\Local\In_The_Money_LLC
2011-10-05 19:59 . 2011-10-05 20:10 -------- d-----w- c:\users\bHee\AppData\Local\In The Money
2011-10-05 19:59 . 2011-10-05 19:59 -------- d-----w- c:\program files (x86)\In The Money
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-01_10.15.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-01 10:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-01 11:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-01 10:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 11:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 11:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-01 10:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-04 07:04 . 2011-11-01 10:24 46582 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-01 10:16 28732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-01 11:29 28732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-03 17:23 . 2011-11-01 11:29 11886 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-59840897-2483838298-1148384619-1000_UserData.bin
- 2011-03-03 22:22 . 2011-11-01 09:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-03 22:22 . 2011-11-01 10:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-03 22:22 . 2011-11-01 10:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-03 22:22 . 2011-11-01 09:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-03 22:22 . 2011-11-01 10:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-03 22:22 . 2011-11-01 09:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-03 22:22 . 2011-11-01 10:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-03 22:22 . 2011-11-01 11:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-03 22:22 . 2011-11-01 10:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-03 22:22 . 2011-11-01 11:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-22 01:46 . 2011-11-01 10:21 5660 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-01 10:20 . 2011-11-01 10:20 2008 c:\windows\SoftwareDistribution\EventCache\{B4D33632-F3EF-4681-8A96-4DE3E47F918E}.bin
+ 2011-11-01 11:27 . 2011-11-01 11:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-01 10:14 . 2011-11-01 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-01 10:14 . 2011-11-01 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-01 11:27 . 2011-11-01 11:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-11-01 09:56 709846 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-01 10:29 709846 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-01 09:56 140342 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-01 10:29 140342 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-01 10:13 484520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-01 11:26 484520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-03 17:20 . 2011-11-01 10:13 5955168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-59840897-2483838298-1148384619-1000-8192.dat
+ 2011-03-03 17:20 . 2011-11-01 11:26 5955168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-59840897-2483838298-1148384619-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-04 30192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-09-28 2775728]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-09-28 3609776]
"combofix"="c:\combofix\CF17687.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\users\bHee\Desktop\PartyCasino.lnk
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-59840897-2483838298-1148384619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*€%A{\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2011-11-01 12:32:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-01 11:32
ComboFix2.txt 2011-11-01 10:20
.
Před spuštěním: 9 280 045 056 bytes free
Po spuštění: 6 068 396 032 bytes free
.
- - End Of File - - 1E35A8E1C26F210FC4B7DF53BF9A7DF7

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 14:45
by cernohous13
The infection should be gone - are there any problems with the PC?

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 15:06
by frankidostal
I think everything is fine
although I'd just like to ask - I have a problem with my wifi router; roughly every 20 minutes the signal drops for 5 seconds, and once every few hours the internet goes down for maybe 30 minutes. The DSL light on the router is on, but the internet light isn't; sometimes it stays solid, sometimes it blinks.. I already returned one under warranty and got a different one, but the same model; it's some junk from O2... I tried looking into the router settings and set dynamic IP address assignment, because it usually started acting up when I also turned on the laptop.

any advice on what could be causing it? or what to try?

Otherwise I'd like to thank you very much for the help and for the speed with which you worked. Where should I send the chocolate? :)

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 16:19
by cernohous13
:arrow: I'll contact colleagues about the router - I really have no experience with that

:arrow: I'll clean up after myself
:arrow: we'll uninstall ComboFix
go to Start -> Run... and paste ComboFix /Uninstall (note the space after the x) -> OK

:arrow:
Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
After launching it, ignore any antivirus warning - it's fine
When it has finished, delete T-cleaner
:arrow: Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it has finished, the PC will be restarted.
If not, restart it yourself.
(it cleans the Temp folders; it does not clean URLs, history, prefetch or cookies)

:arrow: download the OTC program here: http://oldtimer.geekstogo.com/OTC.exe - run it -> "CleanUp" (deletes the previously used cleaners)

it's just cleanup; if any step doesn't work, continue with the next one

Re: VIR - FACEBOOK

Posted: 01 Nov 2011 20:13
by frankidostal
So I've finished the cleanup; everything went successfully.
thanks again.

As for the router problem, should I start a new topic? or will you redirect me somewhere?