Facebook isn't working for me

Kn1gu4
Visitor
Posts: 136
Registered: 20 Jul 2010 20:37

Facebook isn't working for me

#1 Post by Kn1gu4 »

Facebook hasn't been working for me for about a week now. Sometimes it loads, but even then only the FB wall, and then when I want to open a profile it again tells me that the connection timed out.
I'm attaching the RSIT log.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-06-10 15:23:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 660 GB (69%) free of 954 GB
Total RAM: 3326 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:23:54, on 10. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Roman\Downloads\RSIT.exe
C:\Program Files\trend micro\Roman.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9462 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default

prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72]
"Description"=15.0.2.72
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
np32dsw.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{f999a48b-1950-4d81-9971-79018f807b4b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-22 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-15 7739936]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-27 336384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-02-01 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-04-07 296056]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-02-22 1073312]
"ToolboxFX"=C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"=C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2010-08-24 2459192]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Google Update"=C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 136176]
"AdobeBridge"= []
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2012-04-12 445624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX585 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU C:\Windows\TEMP\E_SB784.tmp /EF HKCU []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.yv12"=divx.dll
"vidc.ffds"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-10 15:23:24 ----D---- C:\rsit
2012-06-10 15:23:24 ----D---- C:\Program Files\trend micro
2012-06-10 14:16:22 ----D---- C:\Users\Roman\AppData\Roaming\Avira
2012-06-10 14:14:07 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2012-06-10 14:14:06 ----D---- C:\Program Files\Avira
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-06-10 13:54:15 ----A---- C:\Windows\system32\RTNUninst32.dll
2012-06-10 13:54:15 ----A---- C:\Windows\system32\RtNicProp32.dll
2012-06-04 16:12:09 ----D---- C:\Program Files\Hewlett-Packard
2012-06-04 16:12:04 ----D---- C:\Users\Roman\AppData\Roaming\HpUpdate
2012-06-04 16:11:49 ----N---- C:\Windows\system32\hppfaxprintermonui5.dll
2012-06-04 16:11:49 ----N---- C:\Windows\system32\hppfaxprintermon5.dll
2012-06-04 16:11:48 ----ASH---- C:\Windows\system32\winzvprt5.sys
2012-06-04 16:11:48 ----A---- C:\Windows\system32\hppfaxprinter5.ini
2012-06-04 16:11:36 ----D---- C:\Users\Roman\AppData\Roaming\Hewlett-Packard Company
2012-06-04 16:06:53 ----D---- C:\ProgramData\Hewlett-Packard
2012-06-04 16:06:49 ----D---- C:\ProgramData\HP
2012-06-04 16:04:15 ----A---- C:\Windows\system32\hppccompio.dll
2012-06-04 16:04:14 ----A---- C:\Windows\system32\hpcpn103.dll
2012-05-30 20:54:25 ----HD---- C:\Windows\AxInstSV
2012-05-20 12:20:22 ----D---- C:\Program Files\Common Files\SWF Studio
2012-05-20 12:20:20 ----SHD---- C:\Users\Roman\AppData\Roaming\.#
2012-05-20 12:05:35 ----D---- C:\Program Files\HP
2012-05-20 12:03:53 ----A---- C:\Windows\system32\drivers\hppcgenio.sys
2012-05-20 12:03:53 ----A---- C:\Windows\system32\drivers\hppcfaxio.sys
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpxp1410.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpptsp08.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hppscancoins32.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hppcfaxcompio.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpmldmfax01.dll
2012-05-20 12:03:44 ----A---- C:\Windows\system32\hpbcoins32.dll
2012-05-20 12:03:18 ----D---- C:\CM1410_MFP_Series_Basic_Solution

======List of files/folders modified in the last 1 month======

2012-06-10 15:23:28 ----D---- C:\Windows\Temp
2012-06-10 15:23:24 ----RD---- C:\Program Files
2012-06-10 15:20:17 ----SHD---- C:\System Volume Information
2012-06-10 14:21:19 ----D---- C:\Windows\system32\config
2012-06-10 14:14:14 ----D---- C:\Windows\system32\catroot
2012-06-10 14:14:07 ----D---- C:\Windows\system32\drivers
2012-06-10 14:09:07 ----D---- C:\Windows\system32\NDF
2012-06-10 14:08:15 ----D---- C:\Windows
2012-06-10 14:07:31 ----D---- C:\Windows\System32
2012-06-10 14:06:51 ----SHD---- C:\Windows\Installer
2012-06-10 14:06:18 ----HD---- C:\ProgramData
2012-06-10 14:05:29 ----D---- C:\Windows\system32\DriverStore
2012-06-10 14:05:29 ----D---- C:\Windows\inf
2012-06-10 14:03:24 ----D---- C:\Program Files\Share Rapid Uploader
2012-06-10 14:02:33 ----D---- C:\ProgramData\EPSON
2012-06-10 14:00:46 ----D---- C:\Program Files\Common Files\Common Share
2012-06-10 14:00:11 ----D---- C:\Windows\system32\Tasks
2012-06-10 13:54:57 ----D---- C:\Windows\Prefetch
2012-06-10 13:54:12 ----D---- C:\Program Files\Realtek
2012-06-10 13:54:05 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-10 13:12:56 ----D---- C:\Windows\Logs
2012-06-10 13:12:56 ----D---- C:\Windows\debug
2012-06-10 13:12:21 ----D---- C:\Program Files\CCleaner
2012-06-09 21:33:25 ----D---- C:\Windows\system32\catroot2
2012-06-08 12:25:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-04 16:11:35 ----D---- C:\Windows\twain_32
2012-06-02 15:46:47 ----D---- C:\ProgramData\Real
2012-06-02 15:46:43 ----D---- C:\Users\Roman\AppData\Roaming\Real
2012-05-26 14:35:01 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2012-05-20 12:20:22 ----D---- C:\Program Files\Common Files
2012-05-19 11:12:11 ----RSD---- C:\Windows\Fonts
2012-05-15 16:38:51 ----D---- C:\Users\Roman\AppData\Roaming\gtk-2.0
2012-05-14 21:01:20 ----D---- C:\Program Files\EA Sports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-04-25 83392]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-27 7770624]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-27 242176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-15 2772192]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 104976]
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-09-27 25280]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
S3 HPFXFAX;HPFXFAX; C:\Windows\system32\drivers\hppcfaxio.sys [2010-12-08 21528]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 XDva391;XDva391; \??\C:\Windows\system32\XDva391.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-27 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 294400]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-11-05 66872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook is not working for me

#2 Post by Rudy »

First, uninstall the cracked Office. This forum does not support pirated software.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Kn1gu4
Visitor
Posts: 136
Joined: 20 Jul 2010 20:37

Re: Facebook is not working for me

#3 Post by Kn1gu4 »

Well, I have, so? :?:

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook is not working for me

#4 Post by Rudy »

Post a new RSIT log.

Kn1gu4
Visitor
Posts: 136
Joined: 20 Jul 2010 20:37

Re: Facebook is not working for me

#5 Post by Kn1gu4 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-06-10 19:58:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 663 GB (70%) free of 954 GB
Total RAM: 3326 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:10, on 10. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Roman\Downloads\RSIT.exe
C:\Program Files\trend micro\Roman.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8324 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default

prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72]
"Description"=15.0.2.72
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
np32dsw.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{f999a48b-1950-4d81-9971-79018f807b4b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-22 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-15 7739936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-27 336384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-02-01 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-04-07 296056]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-02-22 1073312]
"ToolboxFX"=C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"=C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2010-08-24 2459192]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Google Update"=C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 136176]
"AdobeBridge"= []
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2012-04-12 445624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX585 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU C:\Windows\TEMP\E_SB784.tmp /EF HKCU []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.yv12"=divx.dll
"vidc.ffds"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-10 19:53:16 ----SHD---- C:\Config.Msi
2012-06-10 15:23:24 ----D---- C:\rsit
2012-06-10 15:23:24 ----D---- C:\Program Files\trend micro
2012-06-10 14:16:22 ----D---- C:\Users\Roman\AppData\Roaming\Avira
2012-06-10 14:14:07 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2012-06-10 14:14:06 ----D---- C:\Program Files\Avira
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-06-10 14:14:06 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-06-10 13:54:15 ----A---- C:\Windows\system32\RTNUninst32.dll
2012-06-10 13:54:15 ----A---- C:\Windows\system32\RtNicProp32.dll
2012-06-04 16:12:09 ----D---- C:\Program Files\Hewlett-Packard
2012-06-04 16:12:04 ----D---- C:\Users\Roman\AppData\Roaming\HpUpdate
2012-06-04 16:11:49 ----N---- C:\Windows\system32\hppfaxprintermonui5.dll
2012-06-04 16:11:49 ----N---- C:\Windows\system32\hppfaxprintermon5.dll
2012-06-04 16:11:48 ----ASH---- C:\Windows\system32\winzvprt5.sys
2012-06-04 16:11:48 ----A---- C:\Windows\system32\hppfaxprinter5.ini
2012-06-04 16:11:36 ----D---- C:\Users\Roman\AppData\Roaming\Hewlett-Packard Company
2012-06-04 16:06:53 ----D---- C:\ProgramData\Hewlett-Packard
2012-06-04 16:06:49 ----D---- C:\ProgramData\HP
2012-06-04 16:04:15 ----A---- C:\Windows\system32\hppccompio.dll
2012-06-04 16:04:14 ----A---- C:\Windows\system32\hpcpn103.dll
2012-05-30 20:54:25 ----HD---- C:\Windows\AxInstSV
2012-05-20 12:20:22 ----D---- C:\Program Files\Common Files\SWF Studio
2012-05-20 12:20:20 ----SHD---- C:\Users\Roman\AppData\Roaming\.#
2012-05-20 12:05:35 ----D---- C:\Program Files\HP
2012-05-20 12:03:53 ----A---- C:\Windows\system32\drivers\hppcgenio.sys
2012-05-20 12:03:53 ----A---- C:\Windows\system32\drivers\hppcfaxio.sys
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpxp1410.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpptsp08.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hppscancoins32.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hppcfaxcompio.dll
2012-05-20 12:03:45 ----A---- C:\Windows\system32\hpmldmfax01.dll
2012-05-20 12:03:44 ----A---- C:\Windows\system32\hpbcoins32.dll
2012-05-20 12:03:18 ----D---- C:\CM1410_MFP_Series_Basic_Solution

======List of files/folders modified in the last 1 month======

2012-06-10 19:58:42 ----D---- C:\Windows\Prefetch
2012-06-10 19:58:36 ----D---- C:\Windows\Temp
2012-06-10 19:57:53 ----D---- C:\Windows\system32\Tasks
2012-06-10 19:56:42 ----D---- C:\Windows\system32\catroot
2012-06-10 19:56:35 ----D---- C:\Windows\Microsoft.NET
2012-06-10 19:56:26 ----SHD---- C:\Windows\Installer
2012-06-10 19:56:15 ----RSD---- C:\Windows\assembly
2012-06-10 19:56:15 ----D---- C:\ProgramData\Microsoft Help
2012-06-10 19:55:32 ----SD---- C:\ProgramData\Microsoft
2012-06-10 19:55:32 ----RD---- C:\Program Files
2012-06-10 19:55:32 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-06-10 19:55:31 ----D---- C:\Program Files\Microsoft.NET
2012-06-10 19:55:31 ----D---- C:\Program Files\Common Files\microsoft shared
2012-06-10 19:55:21 ----RSD---- C:\Windows\Fonts
2012-06-10 19:55:17 ----D---- C:\Program Files\MSBuild
2012-06-10 19:55:15 ----D---- C:\Windows\System32
2012-06-10 19:55:15 ----D---- C:\Program Files\Common Files
2012-06-10 19:53:24 ----D---- C:\Windows\ShellNew
2012-06-10 19:53:08 ----D---- C:\Program Files\Common Files\System
2012-06-10 19:53:08 ----A---- C:\Windows\win.ini
2012-06-10 19:52:05 ----SHD---- C:\System Volume Information
2012-06-10 18:35:51 ----D---- C:\Windows\system32\config
2012-06-10 16:49:13 ----D---- C:\Windows
2012-06-10 15:32:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-10 15:32:36 ----D---- C:\Windows\inf
2012-06-10 14:14:07 ----D---- C:\Windows\system32\drivers
2012-06-10 14:09:07 ----D---- C:\Windows\system32\NDF
2012-06-10 14:06:18 ----HD---- C:\ProgramData
2012-06-10 14:05:29 ----D---- C:\Windows\system32\DriverStore
2012-06-10 14:03:24 ----D---- C:\Program Files\Share Rapid Uploader
2012-06-10 14:02:33 ----D---- C:\ProgramData\EPSON
2012-06-10 14:00:46 ----D---- C:\Program Files\Common Files\Common Share
2012-06-10 13:54:12 ----D---- C:\Program Files\Realtek
2012-06-10 13:54:05 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-10 13:12:56 ----D---- C:\Windows\Logs
2012-06-10 13:12:56 ----D---- C:\Windows\debug
2012-06-10 13:12:21 ----D---- C:\Program Files\CCleaner
2012-06-09 21:33:25 ----D---- C:\Windows\system32\catroot2
2012-06-04 16:11:35 ----D---- C:\Windows\twain_32
2012-06-02 15:46:47 ----D---- C:\ProgramData\Real
2012-06-02 15:46:43 ----D---- C:\Users\Roman\AppData\Roaming\Real
2012-05-26 14:35:01 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2012-05-15 16:38:51 ----D---- C:\Users\Roman\AppData\Roaming\gtk-2.0
2012-05-14 21:01:20 ----D---- C:\Program Files\EA Sports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-04-25 83392]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-27 7770624]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-27 242176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-15 2772192]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 104976]
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-09-27 25280]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
S3 HPFXFAX;HPFXFAX; C:\Windows\system32\drivers\hppcfaxio.sys [2010-12-08 21528]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 XDva391;XDva391; \??\C:\Windows\system32\XDva391.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-27 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 294400]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-11-05 66872]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook is not working

#6 Post by Rudy »

I can even see a rootkit in the log. Post a ComboFix log and we will start deleting:

Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.

Sit back and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to run any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the deletion of any malware cause unwanted conflicts with the antispyware's resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Re: Facebook is not working

#7 Post by Kn1gu4 »

I ran ComboFix, and after it finished, whenever I tried to launch something (anything at all), I got a message that it could not be opened because the program had been marked for deletion in the Registry, or something like that, so I restarted the PC and now I don't know where to find the log?


Re: Facebook is not working

#8 Post by Rudy »

The log should be in c:\combofix.txt.


Re: Facebook is not working

#9 Post by Kn1gu4 »

OK, I have it


ComboFix 12-06-10.01 - Roman . 06. 2012 21:03:37.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3326.2121 [GMT 2:00]
Running from: c:\users\Roman\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\RelevantKnowledge
c:\users\Roman\AppData\Roaming\.#
c:\windows\system32\tmp66B1.tmp
c:\windows\system32\tmp66B2.tmp
c:\windows\system32\tmpB1.tmp
c:\windows\system32\tmpB2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 19:08 . 2012-06-10 19:08 -------- d-----w- c:\users\Mama\AppData\Local\temp
2012-06-10 19:08 . 2012-06-10 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 18:31 . 2012-06-10 19:08 -------- d-----w- c:\users\Roman\AppData\Local\temp
2012-06-10 16:39 . 2012-06-10 16:39 -------- d-----w- c:\users\Mama\AppData\Roaming\Avira
2012-06-10 13:23 . 2012-06-10 17:58 -------- d-----w- c:\program files\trend micro
2012-06-10 13:23 . 2012-06-10 13:23 -------- d-----w- C:\rsit
2012-06-10 12:16 . 2012-06-10 12:16 -------- d-----w- c:\users\Roman\AppData\Roaming\Avira
2012-06-10 12:14 . 2012-06-10 12:14 -------- d-----w- c:\program files\Avira
2012-06-10 12:14 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-10 12:14 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-10 12:14 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-10 11:54 . 2011-05-16 20:55 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-10 11:54 . 2011-05-16 20:55 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-06-08 09:24 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D5890D-C524-4EF5-B587-653D78EA5871}\mpengine.dll
2012-06-04 17:54 . 2012-06-04 17:54 -------- d-----w- c:\users\Mama\AppData\Roaming\Hewlett-Packard Company
2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\users\Roman\AppData\Local\HP
2012-06-04 14:12 . 2012-06-04 14:12 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-20 10:03 . 2010-12-08 18:12 21528 ----a-w- c:\windows\system32\drivers\hppcfaxio.sys
2012-05-20 10:03 . 2010-12-08 18:10 26648 ----a-w- c:\windows\system32\drivers\hppcgenio.sys
2012-05-20 10:03 . 2010-12-08 18:11 59928 ----a-w- c:\windows\system32\hppcfaxcompio.dll
2012-05-20 10:03 . 2010-12-08 18:11 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2012-05-20 10:03 . 2010-12-08 18:10 188416 ----a-w- c:\windows\system32\hpmldmfax01.dll
2012-05-20 10:03 . 2010-12-08 18:10 751160 ----a-w- c:\windows\system32\hpptsp08.dll
2012-05-20 10:03 . 2010-12-08 18:10 755256 ----a-w- c:\windows\system32\hpxp1410.dll
2012-05-20 10:03 . 2010-12-08 18:11 238080 ----a-w- c:\windows\system32\hpbcoins32.dll
2012-05-20 10:03 . 2012-06-04 14:03 -------- d-----w- C:\CM1410_MFP_Series_Basic_Solution
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 19:01 . 2012-03-31 09:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 19:01 . 2011-09-25 12:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 16:45 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-07 21:23 . 2011-08-19 09:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-07 21:23 . 2011-08-19 09:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-31 04:39 . 2012-05-09 14:48 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:48 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-09 14:48 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-09 14:49 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-09 14:48 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-17 18:17 . 2011-09-25 12:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-07 296056]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-05-01 22:31 348624 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2010-12-08 21528]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-27 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 294400]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-27 7770624]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-27 242176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:01]
.
2012-06-10 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-09-25 17:00]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 19:33]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 19:33]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 18:28]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 18:28]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-EPSON Stylus Photo RX585 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-10 21:10:02
ComboFix-quarantined-files.txt 2012-06-10 19:10
.
Pre-Run: 694 695 616 512 bytes free
Post-Run: 694 349 545 472 bytes free
.
- - End Of File - - 647F4B80F0B4B9D43583CB84822CC505


Re: Facebook is not working

#10 Post by Rudy »

We still need to finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\XDva391.sys
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job

Driver::
XDva391

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.



Re: Facebook is not working

#11 Post by Kn1gu4 »

Deleted, I guess, but FB still doesn't work


ComboFix 12-06-10.01 - Roman . 06. 2012 15:18:02.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3326.2028 [GMT 2:00]
Running from: c:\users\Roman\Downloads\ComboFix.exe
Command switches used :: c:\users\Roman\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\Tasks\AutoKMS.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA391
-------\Service_XDva391
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 13:23 . 2012-06-11 13:23 -------- d-----w- c:\users\Mama\AppData\Local\temp
2012-06-10 16:39 . 2012-06-10 16:39 -------- d-----w- c:\users\Mama\AppData\Roaming\Avira
2012-06-10 13:23 . 2012-06-10 17:58 -------- d-----w- c:\program files\trend micro
2012-06-10 13:23 . 2012-06-10 13:23 -------- d-----w- C:\rsit
2012-06-10 12:16 . 2012-06-10 12:16 -------- d-----w- c:\users\Roman\AppData\Roaming\Avira
2012-06-10 12:14 . 2012-06-10 12:14 -------- d-----w- c:\program files\Avira
2012-06-10 12:14 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-10 12:14 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-10 12:14 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-10 11:54 . 2011-05-16 20:55 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-10 11:54 . 2011-05-16 20:55 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-06-08 09:24 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D5890D-C524-4EF5-B587-653D78EA5871}\mpengine.dll
2012-06-04 17:54 . 2012-06-04 17:54 -------- d-----w- c:\users\Mama\AppData\Roaming\Hewlett-Packard Company
2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\users\Roman\AppData\Local\HP
2012-06-04 14:12 . 2012-06-04 14:12 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-20 10:03 . 2010-12-08 18:12 21528 ----a-w- c:\windows\system32\drivers\hppcfaxio.sys
2012-05-20 10:03 . 2010-12-08 18:10 26648 ----a-w- c:\windows\system32\drivers\hppcgenio.sys
2012-05-20 10:03 . 2010-12-08 18:11 59928 ----a-w- c:\windows\system32\hppcfaxcompio.dll
2012-05-20 10:03 . 2010-12-08 18:11 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2012-05-20 10:03 . 2010-12-08 18:10 188416 ----a-w- c:\windows\system32\hpmldmfax01.dll
2012-05-20 10:03 . 2010-12-08 18:10 751160 ----a-w- c:\windows\system32\hpptsp08.dll
2012-05-20 10:03 . 2010-12-08 18:10 755256 ----a-w- c:\windows\system32\hpxp1410.dll
2012-05-20 10:03 . 2010-12-08 18:11 238080 ----a-w- c:\windows\system32\hpbcoins32.dll
2012-05-20 10:03 . 2012-06-04 14:03 -------- d-----w- C:\CM1410_MFP_Series_Basic_Solution
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 19:01 . 2012-03-31 09:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 19:01 . 2011-09-25 12:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 16:45 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-07 21:23 . 2011-08-19 09:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-07 21:23 . 2011-08-19 09:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-31 04:39 . 2012-05-09 14:48 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:48 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-09 14:48 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-09 14:49 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-09 14:48 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-17 18:17 . 2011-09-25 12:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-10_19.08.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-23 16:09 . 2012-06-11 13:12 35254 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-06-11 13:12 31588 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-23 16:03 . 2012-06-11 13:12 13740 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1288046891-744878920-3793059904-1000_UserData.bin
- 2012-06-10 18:56 . 2012-06-10 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 13:10 . 2012-06-11 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-10 18:56 . 2012-06-10 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-11 13:10 . 2012-06-11 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:47 . 2012-06-10 18:55 487276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-06-10 20:19 487276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-25 18:10 . 2012-06-10 20:19 4031240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-25 18:10 . 2012-06-10 18:55 4031240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-25 13:22 . 2012-06-10 18:55 47392028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1288046891-744878920-3793059904-1000-8192.dat
+ 2011-09-25 13:22 . 2012-06-10 20:19 47392028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1288046891-744878920-3793059904-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-07 296056]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-05-01 22:31 348624 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Roman\AppData\Local\Temp\CFcatchme.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2010-12-08 21528]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-27 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 294400]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-27 7770624]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-27 242176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:01]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(684)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-06-11 15:34:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 13:34
ComboFix2.txt 2012-06-10 19:10
.
Pre-Run: 694 406 750 208 bytes free
Post-Run: 693 809 197 056 bytes free
.
- - End Of File - - 55A8C4B6BF2066283B6BCFBBD7D9CEF4
Upload was successful

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook isn't working for me

#12 Post by Rudy »

The log now looks OK. As a test, turn off the antivirus. If the connection still fails after that, inform the FB webmaster. The problem need not necessarily be on your side.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Kn1gu4
Visitor
Posts: 136
Joined: 20 Jul 2010 20:37

Re: Facebook isn't working for me

#13 Post by Kn1gu4 »

And how do I turn it off? Because when I try it in the processes, it tells me that access was denied.

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook isn't working for me

#14 Post by Rudy »

Open the antivirus window; in the settings there must be an option to turn off the resident shield. You can tell it is off because the umbrella in the tray icon will be closed.

Kn1gu4
Visitor
Posts: 136
Joined: 20 Jul 2010 20:37

Re: Facebook isn't working for me

#15 Post by Kn1gu4 »

I did, but still nothing. I don't even have a way to inform the webmaster, since it won't even load the FB home page :(
