VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

kontrola logov z MBAM a RSIT, odstranenie havede z PC

https://forum.viry.cz:443/viewtopic.php?t=116684

Stránka 1 z 1

kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 02 lis 2011 20:49
od 81051401
Dobry vecer, prosim o kontrolu logov z MBAM a RSIT. MBAM nieco nasiel, ale netrufam si vsetko len tak odkliknut...

MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Verzia databázy: 8071

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.11.2011 20:41:55
mbam-log-2011-11-02 (20-41-49).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 167340
Uplynutý čas: 10 min, 33 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 8
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 1
Infikované priečinky: 1
Infikované súbory: 6

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfmgr (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\HtmlViewFile (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.
HKEY_CLASSES_ROOT\mhtmlfile\shell\HTMLView (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sob Software (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sob Software (Trojan.Downloader) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované priečinky:
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Infikované súbory:
c:\Program Files\Autodesk VIZ 4\Brazil\licensing\sfmgr\sfmgr.exe (Trojan.Downloader) -> No action taken.
c:\winhost.exe (Malware.Packer.Krunchy) -> No action taken.
c:\program files\common files\microsoft shared\HTMLView\htmlview.exe (Worm.AutoIT) -> No action taken.
c:\program files\common files\microsoft shared\HTMLView\sobsoftex.dll (Worm.AutoIT) -> No action taken.
c:\program files\common files\microsoft shared\log.txt (Stolen.data) -> No action taken.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.



RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by zuzu at 2011-11-02 20:47:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (10%) free of 78 GB
Total RAM: 1535 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:05, on 2.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\AUTODE~1\Brazil\Licensing\sfmgr\sfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
G:\OperaPortable 11.51\opera.exe
c:\Program Files\HijackThis\RSIT.exe
C:\zuzu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6431942B-D081-44B3-9B6E-4EDB6E568888}: NameServer = 195.146.128.60,195.146.132.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\PROGRA~1\AUTODE~1\Brazil\Licensing\sfmgr\sfmgr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9373 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-01-05 466944]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2010-05-20 64048]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-04-10 979344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2002-10-15 209016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 5\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Autodesk VIZ 4\3dsviz.exe"="C:\Program Files\Autodesk VIZ 4\3dsviz.exe:*:Enabled:Autodesk VIZ"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Google\Google SketchUp 7\SketchUp.exe"="C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Enabled:SketchUp Application"
"J:\OperaPortable\opera10.exe"="J:\OperaPortable\opera10.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\zuzu\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\zuzu\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"L:\OperaPortable\opera10.exe"="L:\OperaPortable\opera10.exe:*:Enabled:Opera Internet Browser"
"C:0\OperaPortable\opera10.exe"="C:0\OperaPortable\opera10.exe:*:Enabled:opera10.exe"
"C:\Program Files\VMware\VMware Player\vmware-authd.exe"="C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd"
"C:2\OperaPortable\opera10.exe"="C:2\OperaPortable\opera10.exe:*:Enabled:opera10.exe"
"D:\Jonatan\OperaPortable\opera10.exe"="D:\Jonatan\OperaPortable\opera10.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:3\OperaPortable\opera10.exe"="C:3\OperaPortable\opera10.exe:*:Enabled:opera10.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"J:\OperaPortable 11.50\opera.exe"="J:\OperaPortable 11.50\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VMware\VMware Player\vmware-authd.exe"="C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=L3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"msacm.divxa32"=DivXa32.acm
"vidc.DIVX"=DivX.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"vidc.ffds"=C:\Program Files\ffdshow\ffdshow.ax
"VIDC.YV12"=divx.dll
"VIDC.VMnc"=vmnc.dll

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-11-02 20:46:48 ----A---- C:\zuzu.exe
2011-11-02 20:46:44 ----D---- C:\rsit
2011-11-02 20:28:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-02 20:23:17 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-11-02 20:23:17 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-11-02 20:23:14 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-11-02 20:23:13 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-11-02 20:23:13 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-11-02 20:23:11 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-11-02 20:23:11 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-11-02 20:23:11 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-11-02 20:22:57 ----A---- C:\WINDOWS\avastSS.scr
2011-11-02 20:22:56 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-02 20:22:47 ----D---- C:\Program Files\AVAST Software
2011-11-02 20:22:47 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-11-02 20:07:07 ----D---- C:\Documents and Settings\zuzu\Application Data\Malwarebytes
2011-11-02 20:06:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-11-02 20:06:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 20:06:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-10-21 11:10:16 ----D---- C:\Program Files\Common Files\Java
2011-10-21 11:10:02 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-21 11:10:02 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-21 11:10:02 ----A---- C:\WINDOWS\system32\java.exe
2011-10-20 17:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-20 16:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-20 16:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$

======List of files/folders modified in the last 1 month======

2011-11-02 20:47:58 ----D---- C:\WINDOWS\Prefetch
2011-11-02 20:47:38 ----D---- C:\Program Files\HijackThis
2011-11-02 20:42:02 ----A---- C:\WINDOWS\wincmd.ini
2011-11-02 20:38:38 ----D---- C:\WINDOWS\Temp
2011-11-02 20:28:44 ----D---- C:\WINDOWS\system32\drivers
2011-11-02 20:23:07 ----SHD---- C:\WINDOWS\Installer
2011-11-02 20:23:07 ----D---- C:\WINDOWS\WinSxS
2011-11-02 20:22:57 ----D---- C:\WINDOWS
2011-11-02 20:22:56 ----D---- C:\WINDOWS\system32
2011-11-02 20:22:47 ----D---- C:\Program Files
2011-11-02 20:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2011-11-02 20:19:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-02 20:04:25 ----D---- C:\Program Files\ESET
2011-11-01 21:54:46 ----A---- C:\WINDOWS\wdict32.INI
2011-11-01 20:19:44 ----D---- C:\Temp
2011-11-01 19:37:23 ----D---- C:\Program Files\JDownloader
2011-10-30 20:04:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-29 17:33:36 ----HD---- C:\WINDOWS\inf
2011-10-29 17:33:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-25 20:32:07 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-21 11:10:16 ----D---- C:\Program Files\Common Files
2011-10-21 11:09:59 ----D---- C:\Program Files\Java
2011-10-21 09:12:37 ----RSD---- C:\WINDOWS\assembly
2011-10-21 09:10:52 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-21 09:10:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-20 16:59:11 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-20 16:59:06 ----A---- C:\WINDOWS\imsins.BAK
2011-10-20 16:58:52 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-20 16:58:36 ----D---- C:\Program Files\Internet Explorer
2011-10-12 21:45:43 ----D---- C:\Documents and Settings\zuzu\Application Data\Mozilla
2011-10-03 09:35:11 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-10-03 04:06:03 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-10-06 643072]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2010-05-20 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-10-06 223128]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2010-05-20 16560]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2002-10-15 155770]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-12-12 32256]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1; C:\PROGRA~1\AUTODE~1\Brazil\Licensing\sfmgr\sfmgr.exe [2004-02-11 171008]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-05-20 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2010-05-20 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2010-05-20 399920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [2011-03-27 78536]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-04-27 191024]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 02 lis 2011 21:14
od Rudy
Zdravím!
Smažte vše, co MBAM nalezl. Restartujte PC a dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 05 lis 2011 17:07
od 81051401
Dobry den, chvilku trvalo kym som sa k tomu PC dostal, dakujem za trpezlivost :)

ComboFix 11-11-05.02 - zuzu 05.11.2011 16:48:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1535.1068 [GMT 1:00]
Running from: c:\documents and settings\zuzu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\zuzu\WINDOWS
c:\program files\Common Files\Microsoft Shared\HTMLView
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-02 19:46 . 2011-01-26 19:45 388608 ----a-w- C:\zuzu.exe
2011-11-02 19:46 . 2011-11-02 19:47 -------- d-----w- C:\rsit
2011-11-02 19:23 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-02 19:23 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-02 19:23 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-02 19:23 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-02 19:23 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-02 19:23 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-02 19:23 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-02 19:23 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-02 19:22 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-02 19:22 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-02 19:22 . 2011-11-02 19:22 -------- d-----w- c:\program files\AVAST Software
2011-11-02 19:22 . 2011-11-02 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-02 19:07 . 2011-11-02 19:07 -------- d-----w- c:\documents and settings\zuzu\Application Data\Malwarebytes
2011-11-02 19:06 . 2011-11-02 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-02 19:06 . 2011-11-02 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-02 19:06 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 10:10 . 2011-10-21 10:10 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 22:09 . 2011-07-14 19:37 3452 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-10-12 10:00 . 2011-05-19 19:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2010-07-28 19:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-04-11 09:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 13:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2001-08-23 13:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-28 18:48 . 2011-08-28 18:48 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-22 23:48 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 21:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-01-05 466944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-05-20 64048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 17:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-11-10 14:19 1051648 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-07 15:44 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-05-28 09:14 528384 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Autodesk VIZ 4\\3dsviz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Documents and Settings\\zuzu\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"l:\\OperaPortable\\opera10.exe"=
"C:0\\OperaPortable\\opera10.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"C:2\\OperaPortable\\opera10.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:3\\OperaPortable\\opera10.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.10.2007 18:14 643072]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.11.2011 20:23 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.11.2011 20:23 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.11.2011 20:23 20568]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20.5.2010 23:40 70704]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6431942B-D081-44B3-9B6E-4EDB6E568888}: NameServer = 195.146.128.60,195.146.132.59
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\program files\HijackThis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-05 17:04:02
ComboFix-quarantined-files.txt 2011-11-05 16:03
.
Pre-Run: 10 930 016 256 bytes free
Post-Run: 11 512 205 312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 300A546B08DED0DEFEC929468641C17C

Re: kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 05 lis 2011 18:18
od Rudy
Několik položek CF smazal, zbytek logu vypadá čistý.

Re: kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 06 lis 2011 10:48
od 81051401
Vdaka :)

Re: kontrola logov z MBAM a RSIT, odstranenie havede z PC

Napsal: 06 lis 2011 11:13
od Rudy
Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz