VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

problem s virusom

https://forum.viry.cz:443/viewtopic.php?t=120383

Stránka 1 z 1

problem s virusom

Napsal: 14 bře 2012 14:54
od stava
zdravim vas,
mam problem s nejakym virusom, plocha je cierna a prazdna, subory su skryte, prosim o pomoc...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zuzanka at 2012-03-14 14:25:54
Microsoft Windows 7 Professional
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 2940 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:59, on 14. 3. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\wuauclt.exe
D:\QIP2005\QIP 2010\qip.exe
C:\Users\Zuzanka\Desktop\RSIT.exe
C:\Program Files\trend micro\Zuzanka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {75bd4519-50fa-4d79-b44f-f3c0a90592d1} - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: S7 HSP Service (s7hspsvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\s7bin\s7hspsvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 10404 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}]
Ironsource LTD Helper Object - C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll [2012-02-14 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll [2011-09-05 265944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll [2011-08-14 237680]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll [2011-09-05 220888]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{33AA308B-B565-4376-AC66-59EE9B6AD13E} - SearchYa Toolbar - C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll [2012-02-14 270336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-31 2221352]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [2011-09-05 362200]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-02-22 500208]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"S7UB Start"=C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [2010-06-03 102453]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]

C:\Users\Zuzanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\scrabble\ScrabblePCR.exe"="D:\scrabble\ScrabblePCR.exe:*:Enabled:ScrabblePCR"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\scrabble\ScrabblePCR.exe"="D:\scrabble\ScrabblePCR.exe:*:Enabled:ScrabblePCR"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\configmaster.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickstart.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.VMnc"=vmnc.dll
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-14 14:25:54 ----D---- C:\rsit
2012-03-14 14:25:54 ----D---- C:\Program Files\trend micro
2012-03-13 22:45:19 ----A---- C:\Windows\isRS-000.tmp
2012-03-13 22:41:51 ----D---- C:\Program Files\PC Tools Security
2012-03-13 19:56:32 ----D---- C:\Program Files\PC Tools
2012-03-13 19:55:32 ----A---- C:\Windows\system32\drivers\Cat.DB
2012-03-13 19:55:23 ----A---- C:\Windows\system32\drivers\PCTSD.sys
2012-03-13 19:55:20 ----D---- C:\Program Files\Common Files\PC Tools
2012-03-13 19:55:04 ----AD---- C:\ProgramData\TEMP
2012-03-13 19:55:02 ----D---- C:\ProgramData\PC Tools
2012-03-13 19:55:01 ----D---- C:\Users\Zuzanka\AppData\Roaming\TestApp
2012-03-06 22:33:16 ----D---- C:\ProgramData\IsolatedStorage
2012-03-03 21:20:42 ----D---- C:\ProgramData\FNP
2012-03-03 21:19:37 ----A---- C:\license.txt
2012-03-03 21:14:04 ----D---- C:\Program Files\ANSYS Inc
2012-03-03 18:03:20 ----HD---- C:\Users\Zuzanka\AppData\Roaming\Ansys
2012-03-03 03:02:39 ----A---- C:\Windows\system32\wininet.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\wextract.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\webcheck.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\vbscript.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\urlmon.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\url.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\pngfilt.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\occache.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\msrating.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\msls31.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\mshtmler.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\mshtml.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\mshta.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\msfeedssync.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\msfeeds.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\licmgr10.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\jscript9.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\jscript.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\inseng.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\imgutil.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iexpress.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieUnatt.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieui.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iesysprep.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iesetup.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iertutil.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iernonce.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iepeers.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieframe.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\iedkcs32.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieapfltr.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieapfltr.dat
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieakui.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieaksie.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ieakeng.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\ie4uinit.exe
2012-03-03 03:02:39 ----A---- C:\Windows\system32\icardie.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\dxtrans.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\dxtmsft.dll
2012-03-03 03:02:39 ----A---- C:\Windows\system32\admparse.dll
2012-03-02 21:33:28 ----HD---- C:\Users\Zuzanka\AppData\Roaming\e-academy Inc
2012-02-29 10:14:57 ----D---- C:\Windows\system32\5PUPSPPPPPfmis
2012-02-29 10:14:57 ----D---- C:\Windows\5PUPSPPPPPfmis
2012-02-29 00:33:23 ----A---- C:\user.js
2012-02-29 00:33:21 ----D---- C:\Program Files\Ironsource
2012-02-28 20:20:36 ----D---- C:\Windows\system32\5PUPRPPPPPfmis
2012-02-28 20:20:36 ----D---- C:\Windows\5PUPRPPPPPfmis
2012-02-28 03:00:50 ----D---- C:\Program Files\MSXML 4.0
2012-02-26 17:52:16 ----SHD---- C:\AX NF ZZ
2012-02-26 17:52:16 ----D---- C:\Windows\system32\5PUPQPPPPPfmis
2012-02-26 17:52:16 ----D---- C:\Windows\5PUPQPPPPPfmis
2012-02-26 17:45:38 ----D---- C:\Program Files\Common Files\PKWARE
2012-02-26 17:45:37 ----D---- C:\Program Files\PKWARE
2012-02-26 16:47:15 ----D---- C:\Program Files\Siemens
2012-02-26 16:47:15 ----D---- C:\Program Files\Common Files\Siemens
2012-02-26 16:40:24 ----A---- C:\Windows\ISScript_aux_log.txt
2012-02-26 16:40:20 ----D---- C:\Windows\TempRASETUP
2012-02-26 16:35:27 ----D---- C:\ProgramData\Siemens
2012-02-22 13:57:34 ----D---- C:\ProgramData\SweetIM
2012-02-22 13:57:34 ----D---- C:\Program Files\SweetIM
2012-02-16 08:52:17 ----A---- C:\Windows\system32\shell32.dll
2012-02-16 08:52:16 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-16 08:51:37 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 08:51:36 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2012-03-14 14:25:54 ----RD---- C:\Program Files
2012-03-14 14:25:54 ----D---- C:\Windows\Temp
2012-03-14 13:41:18 ----HD---- C:\ProgramData
2012-03-14 13:41:18 ----D---- C:\Windows\Tasks
2012-03-14 13:41:18 ----D---- C:\Windows\system32\Tasks
2012-03-14 13:37:59 ----D---- C:\Windows\system32\config
2012-03-14 13:26:08 ----D---- C:\Windows\system32\catroot2
2012-03-14 13:26:08 ----D---- C:\Windows\system32\catroot
2012-03-14 13:24:22 ----D---- C:\Windows
2012-03-14 13:22:53 ----D---- C:\ProgramData\VMware
2012-03-14 13:22:36 ----SHD---- C:\System Volume Information
2012-03-14 13:21:07 ----D---- C:\Windows\winsxs
2012-03-14 13:20:47 ----D---- C:\Windows\system32\drivers
2012-03-13 22:41:57 ----SHD---- C:\Windows\Installer
2012-03-13 19:55:20 ----D---- C:\Program Files\Common Files
2012-03-13 19:29:46 ----D---- C:\Windows\System32
2012-03-13 19:29:45 ----D---- C:\Windows\inf
2012-03-13 19:29:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-13 18:36:09 ----HD---- C:\Users\Zuzanka\AppData\Roaming\uTorrent
2012-03-12 23:20:26 ----D---- C:\Program Files\Common Files\Adobe
2012-03-07 14:42:41 ----D---- C:\Windows\system32\FxsTmp
2012-03-07 14:38:24 ----HD---- C:\Users\Zuzanka\AppData\Roaming\VMware
2012-03-05 10:06:39 ----RSD---- C:\Windows\assembly
2012-03-05 10:06:39 ----D---- C:\Windows\Microsoft.NET
2012-03-03 21:15:21 ----D---- C:\Windows\Prefetch
2012-03-03 09:54:58 ----D---- C:\Program Files\uTorrent
2012-03-03 03:57:57 ----D---- C:\Windows\rescache
2012-03-03 03:20:32 ----D---- C:\Program Files\WinRAR
2012-03-03 03:18:53 ----D---- C:\Windows\system32\migration
2012-03-03 03:18:53 ----D---- C:\Windows\system32\en-US
2012-03-03 03:18:53 ----D---- C:\Windows\PolicyDefinitions
2012-03-03 03:18:53 ----D---- C:\Program Files\Internet Explorer
2012-03-03 03:03:01 ----D---- C:\Windows\Logs
2012-03-02 22:00:18 ----SD---- C:\Users\Zuzanka\AppData\Roaming\Microsoft
2012-03-02 22:00:18 ----D---- C:\Windows\system32\appmgmt
2012-03-02 17:55:04 ----D---- C:\Windows\system32\NDF
2012-02-29 00:33:18 ----D---- C:\Program Files\Mozilla Firefox
2012-02-26 17:49:58 ----D---- C:\Windows\Setup
2012-02-26 16:53:21 ----D---- C:\Windows\system32\DriverStore
2012-02-26 16:40:44 ----D---- C:\Program Files\Common Files\InstallShield
2012-02-26 16:40:05 ----D---- C:\Windows\security
2012-02-23 16:19:46 ----D---- C:\Program Files\uTorrentBar
2012-02-23 16:18:30 ----D---- C:\Program Files\Opera
2012-02-23 16:07:37 ----D---- C:\Program Files\Alldj_MPEG_Rebuilder
2012-02-23 16:05:23 ----D---- C:\Program Files\Adobe
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
2012-02-17 03:28:32 ----HD---- C:\Users\Zuzanka\AppData\Roaming\Skype
2012-02-17 03:10:50 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-15 721904]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dpmconv;SIMATIC NET DP Driver; C:\Windows\system32\DRIVERS\dpmconv32.sys [2010-04-28 288256]
R1 DPMTRCDD;SIMATIC NET Softnet Trace Driver; C:\Windows\system32\DRIVERS\DPMTRCDD32.sys [2010-03-22 72248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-18 218176]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 vsnl2ada;SIMATIC NET FDL Driver; C:\Windows\system32\DRIVERS\vsnl2ada32.sys [2010-03-22 98944]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP); C:\Windows\system32\DRIVERS\s7opcsrtx.sys [2010-06-07 31744]
R2 S7otranx32;SIMATIC Transport; C:\Windows\System32\Drivers\S7otranx32.sys [2010-03-18 521216]
R2 s7snsrtx;PROFINET IO RT-Protocol V1.0; C:\Windows\system32\DRIVERS\s7snsrtx.sys [2009-02-24 73088]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO); C:\Windows\system32\DRIVERS\sntie.sys [2010-01-24 336128]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2010-08-19 22448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 S7odpx2x32;SIMATIC Knotentaufe; C:\Windows\System32\Drivers\S7odpx2x32.sys [2010-03-18 87552]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-31 1335472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-09-22 10064]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688]
S0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys []
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 PCTBD;PC Tools Browser Defender Driver; C:\Windows\System32\Drivers\PCTBD.sys []
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-04-01 10368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-03-25 31280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 almservice;Automation License Manager Service; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [2010-05-06 1102848]
R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2010-09-20 3326976]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-30 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 s7hspsvx;S7 HSP Service; C:\Program Files\Siemens\Step7\s7bin\s7hspsvx.exe [2010-06-02 61493]
R2 s7oiehsx;SIMATIC IEPG Help Service; C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2010-06-07 1576072]
R2 S7TraceServiceX;S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2010-06-07 240776]
R2 ScrybeUpdater;Scrybe Updater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-20 1479488]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2011-03-25 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
S4 AVerUpdateServer;AVerUpdateServer; C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S4 SnugTV Service;SnugTV Service; C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]

-----------------EOF-----------------

Re: problem s virusom

Napsal: 14 bře 2012 18:33
od Rudy
Také zdravím!
Poprosím o log ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: problem s virusom

Napsal: 14 bře 2012 19:47
od stava
ComboFix 12-03-14.01 - Zuzanka . 03. 2012 19:16:03.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1033.18.2940.1885 [GMT 1:00]
Running from: c:\users\Zuzanka\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\program files\Ironsource\searchya\1.5.13.0\bh\seARchya.dll
c:\program files\Ironsource\searchya\1.5.13.0\seARchyatlbr.dll
c:\programdata\~ZmLb4J1Bbu22Sn
c:\programdata\~ZmLb4J1Bbu22Snr
c:\programdata\ZmLb4J1Bbu22Sn
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET1D9E.tmp
c:\windows\system32\SET22DE.tmp
c:\windows\system32\SET53A0.tmp
c:\windows\system32\SET544C.tmp
c:\windows\system32\SET5518.tmp
c:\windows\system32\SET55E4.tmp
c:\windows\system32\SET831F.tmp
c:\windows\system32\SET8439.tmp
c:\windows\system32\SET8553.tmp
c:\windows\system32\SET868C.tmp
c:\windows\system32\SET9875.tmp
c:\windows\system32\SET9FCA.tmp
c:\windows\system32\SETA0F4.tmp
c:\windows\system32\SETA6C1.tmp
c:\windows\system32\SETB298.tmp
c:\windows\system32\SETB46F.tmp
c:\windows\system32\SETB547.tmp
c:\windows\system32\SETB644.tmp
c:\windows\system32\SETB7AC.tmp
c:\windows\system32\SETB874.tmp
c:\windows\system32\SETB914.tmp
c:\windows\system32\SETB9DC.tmp
c:\windows\system32\SETE72F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 18:22 . 2012-03-14 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 13:25 . 2012-03-14 13:26 -------- d-----w- C:\rsit
2012-03-14 13:25 . 2012-03-14 13:25 -------- d-----w- c:\program files\trend micro
2012-03-14 12:26 . 2012-03-14 12:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89E2393D-13EC-4F80-9D3D-B34F3A25DF68}\offreg.dll
2012-03-13 21:41 . 2012-03-14 12:22 -------- d-----w- c:\program files\PC Tools Security
2012-03-13 18:56 . 2012-03-13 18:56 -------- d-----w- c:\program files\PC Tools
2012-03-13 18:55 . 2012-02-24 09:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-13 18:55 . 2012-03-14 12:22 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-13 18:55 . 2012-03-14 12:20 -------- d-----w- c:\programdata\PC Tools
2012-03-13 18:55 . 2012-03-13 18:55 -------- d-----w- c:\users\Zuzanka\AppData\Roaming\TestApp
2012-03-13 09:33 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89E2393D-13EC-4F80-9D3D-B34F3A25DF68}\mpengine.dll
2012-03-06 21:33 . 2012-03-06 21:33 -------- d--h--w- c:\users\Zuzanka\AppData\Local\ProjectDirectory
2012-03-06 21:33 . 2012-03-06 21:33 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-03 20:20 . 2012-03-03 20:20 -------- d-----w- c:\programdata\FNP
2012-03-03 20:14 . 2012-03-03 20:21 -------- d-----w- c:\program files\ANSYS Inc
2012-03-03 17:03 . 2012-03-06 21:09 -------- d--h--w- c:\users\Zuzanka\AppData\Roaming\Ansys
2012-03-02 20:59 . 2012-03-02 20:59 -------- d--h--w- c:\users\Zuzanka\AppData\Local\abc
2012-03-02 20:33 . 2012-03-02 20:33 -------- d--h--w- c:\users\Zuzanka\AppData\Roaming\e-academy Inc
2012-02-29 09:14 . 2012-02-29 09:14 -------- d-----w- c:\windows\system32\5PUPSPPPPPfmis
2012-02-29 09:14 . 2012-02-29 09:14 -------- d-----w- c:\windows\5PUPSPPPPPfmis
2012-02-28 23:33 . 2012-02-28 23:33 58 ----a-w- C:\user.js
2012-02-28 23:33 . 2012-02-28 23:33 -------- d-----w- c:\program files\Ironsource
2012-02-28 19:20 . 2012-02-28 19:20 -------- d-----w- c:\windows\system32\5PUPRPPPPPfmis
2012-02-28 19:20 . 2012-02-28 19:20 -------- d-----w- c:\windows\5PUPRPPPPPfmis
2012-02-28 02:00 . 2012-02-28 02:00 -------- d-----w- c:\program files\MSXML 4.0
2012-02-26 16:52 . 2012-02-29 09:14 -------- d-----w- C:\AX NF ZZ
2012-02-26 16:52 . 2012-02-26 16:52 -------- d-----w- c:\windows\system32\5PUPQPPPPPfmis
2012-02-26 16:52 . 2012-02-26 16:52 -------- d-----w- c:\windows\5PUPQPPPPPfmis
2012-02-26 16:45 . 2012-02-26 16:45 -------- d-----w- c:\program files\Common Files\PKWARE
2012-02-26 16:45 . 2012-02-26 16:45 -------- d-----w- c:\program files\PKWARE
2012-02-26 15:47 . 2012-02-26 16:49 -------- d-----w- c:\program files\Common Files\Siemens
2012-02-26 15:47 . 2012-02-26 16:44 -------- d-----w- c:\program files\Siemens
2012-02-26 15:40 . 2012-02-26 16:02 -------- d-----w- c:\windows\TempRASETUP
2012-02-26 15:35 . 2012-02-26 16:44 -------- d-----w- c:\programdata\Siemens
2012-02-22 12:57 . 2012-02-22 12:57 -------- d-----w- c:\program files\SweetIM
2012-02-22 12:57 . 2012-02-22 12:57 -------- d-----w- c:\programdata\SweetIM
2012-02-22 12:56 . 2012-03-03 08:51 -------- d--h--w- c:\users\Zuzanka\AppData\Local\MediaGet2
2012-02-16 07:52 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 07:52 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 07:51 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 07:51 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-02-15 19:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-12 16:12 . 2011-06-24 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-25 16:03 . 2011-09-25 16:03 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2010-06-03 102453]
.
c:\users\Zuzanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Zuzanka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
R4 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-15 721904]
S1 dpmconv;SIMATIC NET DP Driver;c:\windows\system32\DRIVERS\dpmconv32.sys [2010-04-28 288256]
S1 DPMTRCDD;SIMATIC NET Softnet Trace Driver;c:\windows\system32\DRIVERS\DPMTRCDD32.sys [2010-03-22 72248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-18 218176]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
S1 vsnl2ada;SIMATIC NET FDL Driver;c:\windows\system32\DRIVERS\vsnl2ada32.sys [2010-03-22 98944]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\sws\almsrv\almsrvx.exe [2010-05-06 1102848]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2010-09-20 3326976]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-30 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
S2 s7hspsvx;S7 HSP Service;c:\program files\Siemens\Step7\s7bin\s7hspsvx.exe [2010-06-02 61493]
S2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2010-06-07 1576072]
S2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\DRIVERS\s7opcsrtx.sys [2010-06-07 31744]
S2 S7otranx32;SIMATIC Transport;c:\windows\system32\Drivers\S7otranx32.sys [2010-03-18 521216]
S2 s7snsrtx;PROFINET IO RT-Protocol V1.0;c:\windows\system32\DRIVERS\s7snsrtx.sys [2009-02-24 73088]
S2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2010-06-07 240776]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-20 1479488]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 S7odpx2x32;SIMATIC Knotentaufe;c:\windows\system32\Drivers\S7odpx2x32.sys [2010-03-18 87552]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-09-22 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000Core.job
- c:\users\Zuzanka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 19:20]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000UA.job
- c:\users\Zuzanka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 147.175.167.251 147.175.189.200
TCP: Interfaces\{2D6F10E4-5DB5-4736-8349-944C8C9DD502}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2D6F10E4-5DB5-4736-8349-944C8C9DD502}\A557A716E6162436: DhcpNameServer = 192.168.137.1
TCP: Interfaces\{2D6F10E4-5DB5-4736-8349-944C8C9DD502}\A757A757A757A757: DhcpNameServer = 192.168.137.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{75bd4519-50fa-4d79-b44f-f3c0a90592d1} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{75BD4519-50FA-4D79-B44F-F3C0A90592D1} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-934657844-2283313729-1472293146-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**_Ú{ĽĐz]
"LP_LastUpdateTime"="1330728213"
"LP_LastCheckTime"=dword:4f514d1e
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-14 19:31:10
ComboFix-quarantined-files.txt 2012-03-14 18:31
.
Pre-Run: 43 077 799 936 bytes free
Post-Run: 42 521 456 640 bytes free
.
- - End Of File - - 511EA617B791BFF13DDA7EFD2D38A746

Re: problem s virusom

Napsal: 14 bře 2012 20:30
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\windows\system32\5PUPSPPPPPfmis
c:\windows\5PUPRPPPPPfmis
c:\windows\system32\5PUPRPPPPPfmis
c:\windows\5PUPRPPPPPfmis
c:\windows\system32\5PUPQPPPPPfmis
c:\windows\5PUPQPPPPPfmis
c:\program files\SweetIM
c:\programdata\SweetIM
c:\program files\uTorrentBar
c:\users\Zuzanka\AppData\Local\Google\Update

Collect::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934657844-2283313729-1472293146-1000UA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

RegLock::
[HKEY_USERS\S-1-5-21-934657844-2283313729-1472293146-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**_Ú{ĽĐz]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: problem s virusom

Napsal: 14 bře 2012 21:01
od stava
no vyzera to uz lepsie, dakujem velmo pekne :|

Re: problem s virusom

Napsal: 14 bře 2012 21:03
od Rudy
Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz