Logfile of random's system information tool 1.09 (written by random/random)
Run by MAjor at 2012-08-28 19:44:17
Microsoft Windows 7 Ultimate N
System drive D: has 68 GB (33%) free of 205 GB
Total RAM: 3327 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:20, on 28.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Users\Public\smss.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Users\MAjor\AppData\Roaming\web2net.exe
D:\Users\MAjor\M-1-52-5782-8754-5245\winsam.exe
D:\Program Files\VideoLAN\VLC\vlc.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\wuauclt.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\Downloads\RSIT.exe
D:\Users\MAjor\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\MAjor\Downloads\RSIT.exe
D:\Program Files\trend micro\MAjor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonedirector.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Message Center 2] D:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "D:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RavenBleuSA] "D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe"
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Microsoft® Windows System] D:\Users\MAjor\M-1-52-5782-8754-5245\winsam.exe
O4 - HKCU\..\Run: [Google Update] "D:\Users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Login access] D:\Users\MAjor\AppData\Roaming\web2net.exe
O4 - HKCU\..\Run: [Windows System Controler] d:\users\public\smss.exe
O4 - Startup: fliptoast.lnk = D:\Program Files\fliptoast\fliptoast.exe
O4 - Global Startup: GamePark klient 2.lnk = D:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - D:\Users\MAjor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - D:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7691 bytes
======Scheduled tasks folder======
D:\Windows\tasks\Adobe Flash Player Updater.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"Nikon Message Center 2"=D:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe []
"avast5"=D:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-05 3396624]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-06-11 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min D:\Program Files\AMD AVT\bin\kdbsync.exe aml []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Program Files\Steam\Steam.exe [2012-08-04 1353080]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"RavenBleuSA"=D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe []
"RGSC"=D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Microsoft® Windows System"=D:\Users\MAjor\M-1-52-5782-8754-5245\winsam.exe [2012-08-07 181248]
"Google Update"=D:\Users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 116648]
"Windows Login access"=D:\Users\MAjor\AppData\Roaming\web2net.exe [2012-08-10 66048]
"Windows System Controler"=d:\users\public\smss.exe [2012-08-25 176640]
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - D:\Program Files\GamePark2\gpcl.exe
D:\Users\MAjor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
fliptoast.lnk - D:\Program Files\fliptoast\fliptoast.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\Windows\system32\webcheck.dll [2012-03-15 203776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw32.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - D:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-08-28 19:41:44 ----D---- D:\rsit
2012-08-28 19:41:44 ----D---- D:\Program Files\trend micro
2012-08-16 15:49:31 ----D---- D:\ProgramData\Codemasters
2012-08-16 15:48:57 ----D---- D:\Program Files\OpenAL
2012-08-16 15:48:57 ----A---- D:\Windows\system32\wrap_oal.dll
2012-08-16 15:48:57 ----A---- D:\Windows\system32\OpenAL32.dll
2012-08-16 15:48:33 ----A---- D:\Windows\system32\rapture3d_oal.dll
2012-08-16 15:48:33 ----A---- D:\Windows\system32\mkl_blueripple.dll
2012-08-16 15:48:32 ----D---- D:\Program Files\BRS
2012-08-16 15:48:14 ----HD---- D:\Windows\msdownld.tmp
2012-08-16 15:48:10 ----D---- D:\Windows\system32\directx
2012-08-16 15:36:18 ----D---- D:\Program Files\Codemasters
2012-08-15 11:10:04 ----A---- D:\Windows\system32\mshtmled.dll
2012-08-15 11:10:03 ----A---- D:\Windows\system32\ieui.dll
2012-08-15 11:10:03 ----A---- D:\Windows\system32\iertutil.dll
2012-08-15 11:10:02 ----A---- D:\Windows\system32\ieUnatt.exe
2012-08-15 11:10:01 ----A---- D:\Windows\system32\wininet.dll
2012-08-15 11:10:01 ----A---- D:\Windows\system32\url.dll
2012-08-15 11:10:01 ----A---- D:\Windows\system32\jsproxy.dll
2012-08-15 11:10:01 ----A---- D:\Windows\system32\jscript9.dll
2012-08-15 11:10:01 ----A---- D:\Windows\system32\jscript.dll
2012-08-15 11:10:00 ----A---- D:\Windows\system32\urlmon.dll
2012-08-15 11:10:00 ----A---- D:\Windows\system32\mshtml.dll
2012-08-15 11:09:59 ----A---- D:\Windows\system32\ieframe.dll
2012-08-15 10:48:23 ----A---- D:\Windows\system32\win32k.sys
2012-08-15 10:48:17 ----A---- D:\Windows\system32\netapi32.dll
2012-08-15 10:48:17 ----A---- D:\Windows\system32\browser.dll
2012-08-15 10:48:17 ----A---- D:\Windows\system32\browcli.dll
2012-08-15 10:48:16 ----A---- D:\Windows\system32\localspl.dll
2012-08-14 18:38:55 ----D---- D:\Users\MAjor\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2012-08-14 18:38:52 ----D---- D:\Program Files\Autoškola testy
2012-08-10 17:39:44 ----SH---- D:\Users\MAjor\AppData\Roaming\web2net.exe
2012-08-09 15:16:38 ----A---- D:\Windows\system32\FlashPlayerApp.exe
2012-08-09 15:08:43 ----D---- D:\Users\MAjor\AppData\Roaming\Opera
2012-08-09 15:08:39 ----D---- D:\Program Files\Opera
2012-08-09 13:06:36 ----D---- D:\ProgramData\ATI
2012-08-09 13:06:35 ----D---- D:\Program Files\AMD AVT
2012-08-09 13:06:29 ----D---- D:\Program Files\AMD APP
2012-08-07 21:36:37 ----AH---- D:\Users\MAjor\AppData\Roaming\windrvconfig.txt
======List of files/folders modified in the last 1 month======
2012-08-28 19:44:20 ----D---- D:\Windows\temp
2012-08-28 19:42:02 ----D---- D:\Windows\Prefetch
2012-08-28 19:41:44 ----RD---- D:\Program Files
2012-08-28 19:31:15 ----D---- D:\Windows\system32\config
2012-08-28 19:27:07 ----D---- D:\Windows\System32
2012-08-28 19:27:07 ----A---- D:\Windows\system32\PerfStringBackup.INI
2012-08-28 19:21:24 ----D---- D:\Program Files\Steam
2012-08-28 17:41:00 ----D---- D:\Windows\system32\catroot2
2012-08-28 13:09:05 ----D---- D:\Users\MAjor\AppData\Roaming\HLSW
2012-08-28 13:06:09 ----D---- D:\Windows\system32\NDF
2012-08-28 11:59:49 ----D---- D:\Users\MAjor\AppData\Roaming\uTorrent
2012-08-26 20:33:34 ----D---- D:\Users\MAjor\AppData\Roaming\vlc
2012-08-26 20:33:22 ----D---- D:\Users\MAjor\AppData\Roaming\Youtube to MP3 Converter
2012-08-26 20:13:05 ----D---- D:\games
2012-08-26 19:14:12 ----SHD---- D:\System Volume Information
2012-08-24 19:24:51 ----A---- D:\Windows\system32\PnkBstrB.exe
2012-08-24 09:18:50 ----D---- D:\Program Files\Common Files\Steam
2012-08-17 19:35:02 ----D---- D:\Config.Msi
2012-08-16 22:23:13 ----D---- D:\Windows\system32\drivers
2012-08-16 22:23:11 ----D---- D:\Windows\system32\drivers\UMDF
2012-08-16 22:23:11 ----D---- D:\Windows\inf
2012-08-16 18:48:32 ----SHD---- D:\Windows\Installer
2012-08-16 18:48:32 ----D---- D:\Windows\system32\appmgmt
2012-08-16 18:48:23 ----D---- D:\ProgramData
2012-08-16 18:47:57 ----HD---- D:\Program Files\InstallShield Installation Information
2012-08-16 18:47:43 ----D---- D:\Program Files\MKVTOAVI
2012-08-16 18:42:43 ----D---- D:\Program Files\Common Files
2012-08-16 18:41:32 ----D---- D:\Windows
2012-08-16 15:48:45 ----D---- D:\Windows\winsxs
2012-08-15 11:53:14 ----D---- D:\Windows\system32\migration
2012-08-15 11:53:14 ----D---- D:\Program Files\Internet Explorer
2012-08-15 11:10:53 ----A---- D:\Windows\system32\MRT.exe
2012-08-15 11:10:18 ----D---- D:\Windows\system32\catroot
2012-08-09 15:16:39 ----D---- D:\Windows\Tasks
2012-08-09 15:16:39 ----D---- D:\Windows\system32\Tasks
2012-08-09 13:06:35 ----D---- D:\ProgramData\AMD
2012-08-09 13:06:14 ----D---- D:\Program Files\ATI Technologies
2012-08-09 13:04:22 ----D---- D:\Windows\system32\DriverStore
2012-08-04 18:31:04 ----D---- D:\Riot Games
2012-08-03 17:30:42 ----D---- D:\Windows\Microsoft.NET
2012-08-03 11:54:18 ----RSD---- D:\Windows\assembly
2012-08-03 11:53:22 ----D---- D:\Windows\system32\en-US
2012-08-03 11:52:20 ----D---- D:\Program Files\Common Files\Adobe AIR
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; D:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswSnx;aswSnx; D:\Windows\system32\drivers\aswSnx.sys [2011-01-05 357968]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 242240]
R3 amdkmdag;amdkmdag; D:\Windows\system32\DRIVERS\atikmdag.sys [2012-06-11 8733696]
R3 amdkmdap;amdkmdap; D:\Windows\system32\DRIVERS\atikmpag.sys [2012-06-11 295936]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; D:\Windows\system32\DRIVERS\l160x86.sys [2009-07-14 47104]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; D:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; D:\Windows\System32\Drivers\pcouffin.sys [2012-01-24 47360]
S1 aswRdr;aswRdr; D:\Windows\system32\drivers\aswRdr.sys []
S1 aswSP;aswSP; D:\Windows\system32\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; D:\Windows\system32\drivers\aswTdi.sys []
S2 aswFsBlk;aswFsBlk; D:\Windows\system32\drivers\aswFsBlk.sys []
S2 Parvdm;Parvdm; D:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; D:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; D:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; D:\Windows\system32\DRIVERS\atikmdag.sys [2012-06-11 8733696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; D:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; D:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\D:\Users\MAjor\AppData\Local\Temp\catchme.sys []
S3 HTCAND32;HTC Device Driver; D:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; D:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; D:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; D:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; D:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usb_rndisx;USB RNDIS Adapter; D:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; D:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; D:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 viaagp;VIA AGP Bus Filter; D:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; D:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; D:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; D:\Windows\system32\atiesrxx.exe [2012-06-11 217600]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PassThru Service;Internet Pass-Through Service; D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 PnkBstrA;PnkBstrA; D:\Windows\system32\PnkBstrA.exe [2012-05-15 76888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 Steam Client Service;Steam Client Service; D:\Program Files\Common Files\Steam\SteamService.exe [2012-08-23 529744]
R3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; D:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1343400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; D:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 ACDaemon;ArcSoft Connect Daemon; D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; D:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-04-16 654848]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu(FBchat mi odesílá samovolně zprávy)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Prosím o kontrolu logu(FBchat mi odesílá samovolně zprávy)
- Přílohy
-
- takhle to vypada v chatu
- spam.png (4.44 KiB) Zobrazeno 1085 x
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Zdravim, pekny vecer preji a vitam vas u nas na foru 
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Pockejte na dokonceni PreScanu
- Zvolte moznost Prohledat (scan)
- Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
- Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Díky za rychlou odpověď .
Log je zde :
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Kontrola -- Datum : 08/28/2012 21:43:57
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKCU\[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[TASK][SUSP PATH] RunAsStdUser Task : "D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Log je zde :
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Kontrola -- Datum : 08/28/2012 21:43:57
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKCU\[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[TASK][SUSP PATH] RunAsStdUser Task : "D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Spustte znovu RogueKiller
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
- Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
první log:
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Kontrola -- Datum : 08/28/2012 21:43:57
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKCU\[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[TASK][SUSP PATH] RunAsStdUser Task : "D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
druhý log :
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Oprava HOSTS -- Datum : 08/28/2012 21:53:27
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Kontrola -- Datum : 08/28/2012 21:43:57
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKCU\[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : RavenBleuSA ("D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe") -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows Login access (D:\Users\MAjor\AppData\Roaming\web2net.exe) -> NALEZENO
[RUN][HJNAME] HKUS\S-1-5-21-1346858010-2952013356-17835165-1000[...]\Run : Windows System Controler (d:\users\public\smss.exe) -> NALEZENO
[TASK][SUSP PATH] RunAsStdUser Task : "D:\Users\MAjor\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
druhý log :
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Oprava HOSTS -- Datum : 08/28/2012 21:53:27
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Dejte jeste volbu smazat
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Odebrat -- Datum : 08/28/2012 21:58:06
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : MAjor [Práva správce]
Mód : Odebrat -- Datum : 08/28/2012 21:58:06
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> D:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] ba3da4cc368fc8d2b44532e9729f0462
[BSP] fcc3f853c0a01a8b91fb76d040d9ada9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205244 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Rkill log :
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/28/2012 10:07:17 PM in x86 mode.
Windows Version: Windows 7 Ultimate N
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* D:\Users\MAjor\M-1-52-5782-8754-5245\winsam.exe (PID: 3780) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* WMPNetworkSvc [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/28/2012 10:07:32 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/28/2012 10:07:17 PM in x86 mode.
Windows Version: Windows 7 Ultimate N
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* D:\Users\MAjor\M-1-52-5782-8754-5245\winsam.exe (PID: 3780) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* WMPNetworkSvc [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/28/2012 10:07:32 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Super, hura do ComboFixu...
ale mrknu na nej az rano
ale mrknu na nej az rano
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
log :
ComboFix 12-08-28.03 - MAjor 28.08.2012 22:12:27.2.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3327.2502 [GMT 2:00]
Spuštěný z: d:\users\MAjor\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\909E04A1C9.sys
d:\users\MAjor\AppData\Roaming\web2net.exe
d:\users\Public\smss.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 20:18 . 2012-08-28 20:18 -------- d-----w- d:\users\Public\AppData\Local\temp
2012-08-28 20:18 . 2012-08-28 20:18 -------- d-----w- d:\users\Default\AppData\Local\temp
2012-08-28 19:47 . 2012-08-28 19:48 -------- d-----w- D:\f7b17801685886edf3fb175e7a38ea89
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- D:\6c434efb0b35380e5671558b84
2012-08-28 17:41 . 2012-08-28 17:44 -------- d-----w- d:\program files\trend micro
2012-08-28 17:41 . 2012-08-28 17:42 -------- d-----w- D:\rsit
2012-08-28 17:23 . 2012-08-28 17:23 56200 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{DE27356C-E709-43C7-8810-8918065EBB2B}\offreg.dll
2012-08-16 13:49 . 2012-08-16 13:49 -------- d-----w- d:\users\MAjor\AppData\Local\FLT
2012-08-16 13:49 . 2012-08-16 13:49 -------- d-----w- d:\programdata\Codemasters
2012-08-16 13:48 . 2012-08-16 13:48 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2012-08-16 13:48 . 2012-08-16 13:48 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2012-08-16 13:48 . 2012-08-16 13:48 -------- d-----w- d:\program files\OpenAL
2012-08-16 13:48 . 2011-09-05 18:57 1306624 ----a-w- d:\windows\system32\rapture3d_oal.dll
2012-08-16 13:48 . 2010-09-22 12:12 19087360 ----a-w- d:\windows\system32\mkl_blueripple.dll
2012-08-16 13:48 . 2012-08-16 13:48 -------- d-----w- d:\program files\BRS
2012-08-16 13:48 . 2012-08-16 13:48 -------- d--h--w- d:\windows\msdownld.tmp
2012-08-16 13:36 . 2012-08-16 16:47 -------- d-----w- d:\program files\Codemasters
2012-08-15 08:48 . 2012-07-18 17:10 2344448 ----a-w- d:\windows\system32\win32k.sys
2012-08-15 08:48 . 2012-07-04 21:23 41472 ----a-w- d:\windows\system32\browcli.dll
2012-08-15 08:48 . 2012-07-04 21:23 102912 ----a-w- d:\windows\system32\browser.dll
2012-08-15 08:48 . 2012-05-14 04:37 768512 ----a-w- d:\windows\system32\localspl.dll
2012-08-14 16:38 . 2012-08-14 16:38 -------- d-----w- d:\users\MAjor\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2012-08-14 16:38 . 2012-08-14 16:38 -------- d-----w- d:\program files\Autoškola testy
2012-08-09 13:16 . 2012-08-16 11:27 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 13:16 . 2012-08-16 11:27 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-09 13:08 . 2012-08-09 13:08 -------- d-----w- d:\users\MAjor\AppData\Local\Opera
2012-08-09 13:08 . 2012-08-09 13:08 -------- d-----w- d:\program files\Opera
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\programdata\ATI
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\program files\AMD AVT
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\program files\AMD APP
2012-08-07 19:36 . 2012-08-07 19:36 -------- d-sh--r- d:\users\MAjor\M-1-52-5782-8754-5245
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 17:25 . 2011-12-05 04:48 139448 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2012-08-24 17:24 . 2011-12-05 05:29 282472 ----a-w- d:\windows\system32\PnkBstrB.xtr
2012-08-24 17:24 . 2011-12-05 04:47 282472 ----a-w- d:\windows\system32\PnkBstrB.exe
2012-08-24 17:23 . 2011-12-05 04:47 103736 ----a-w- d:\windows\system32\PnkBstrB.ex0
2012-07-05 20:06 . 2012-04-09 19:29 772544 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2012-04-09 19:29 687544 ----a-w- d:\windows\system32\deployJava1.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- d:\windows\system32\msxml4.dll
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- d:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- d:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- d:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- d:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-01-26 23:00 924160 ----a-w- d:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- d:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- d:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- d:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- d:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- d:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-01-26 22:49 6301696 ----a-w- d:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- d:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-01-26 22:28 5480448 ----a-w- d:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- d:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-01-26 22:24 4729344 ----a-w- d:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- d:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- d:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- d:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- d:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- d:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-01-26 22:12 42496 ----a-w- d:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-01-26 22:12 32768 ----a-w- d:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- d:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- d:\windows\system32\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 159232 ----a-w- d:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- d:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- d:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- d:\windows\system32\amdocl.dll
2012-06-06 05:09 . 2012-07-11 19:19 1389568 ----a-w- d:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 19:19 1236992 ----a-w- d:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-23 09:50 53784 ----a-w- d:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 09:50 45080 ----a-w- d:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 09:50 35864 ----a-w- d:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 09:50 577048 ----a-w- d:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 09:50 1933848 ----a-w- d:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 09:50 2422272 ----a-w- d:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 09:50 88576 ----a-w- d:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 09:50 171904 ----a-w- d:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 09:50 33792 ----a-w- d:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 19:19 67440 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 19:19 134000 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 19:19 369336 ----a-w- d:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 19:19 225280 ----a-w- d:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 19:19 219136 ----a-w- d:\windows\system32\ncrypt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-05 16:19 120712 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Microsoft® Windows System"="d:\users\MAjor\M-1-52-5782-8754-5245\winsam.exe" [2012-08-07 181248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="d:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
d:\users\MAjor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
fliptoast.lnk - d:\program files\fliptoast\fliptoast.exe [N/A]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - d:\program files\GamePark2\gpcl.exe [2012-3-25 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 HTCAND32;HTC Device Driver;d:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;d:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;d:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 PassThru Service;Internet Pass-Through Service;d:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;d:\windows\system32\DRIVERS\l160x86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW73.sys [x]
S3 pcouffin;VSO Software pcouffin;d:\windows\system32\Drivers\pcouffin.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-28 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 11:27]
.
2012-08-23 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000Core.job
- d:\users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 12:59]
.
2012-08-28 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000UA.job
- d:\users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 12:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://zonedirector.com/1/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - d:\users\MAjor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-WinampAgent - d:\program files\Winamp\winampa.exe
AddRemove-Android SDK Tools - d:\android\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1346858010-2952013356-17835165-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,dc,a9,41,d8,68,91,a6,81,66,b5,69,da,96,4a,27,d2,fb,81,d2,dc,
85,f4,26,03,44,c0,97,04,08,f6,98,d5,5b,c3,f0,2a,50,82,ed,6e,4c,30,f6,5e,e0,\
"rkeysecu"=hex:85,90,6b,50,f4,03,11,a7,58,da,c7,14,a1,92,26,9f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-28 22:20:23
ComboFix-quarantined-files.txt 2012-08-28 20:20
ComboFix2.txt 2012-01-25 20:04
.
Před spuštěním: Volných bajtů: 77 399 560 192
Po spuštění: Volných bajtů: 95 505 170 432
.
- - End Of File - - 0006A7F068098C5AF862A24E8ED25BB6
ComboFix 12-08-28.03 - MAjor 28.08.2012 22:12:27.2.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3327.2502 [GMT 2:00]
Spuštěný z: d:\users\MAjor\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\909E04A1C9.sys
d:\users\MAjor\AppData\Roaming\web2net.exe
d:\users\Public\smss.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 20:18 . 2012-08-28 20:18 -------- d-----w- d:\users\Public\AppData\Local\temp
2012-08-28 20:18 . 2012-08-28 20:18 -------- d-----w- d:\users\Default\AppData\Local\temp
2012-08-28 19:47 . 2012-08-28 19:48 -------- d-----w- D:\f7b17801685886edf3fb175e7a38ea89
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- D:\6c434efb0b35380e5671558b84
2012-08-28 17:41 . 2012-08-28 17:44 -------- d-----w- d:\program files\trend micro
2012-08-28 17:41 . 2012-08-28 17:42 -------- d-----w- D:\rsit
2012-08-28 17:23 . 2012-08-28 17:23 56200 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{DE27356C-E709-43C7-8810-8918065EBB2B}\offreg.dll
2012-08-16 13:49 . 2012-08-16 13:49 -------- d-----w- d:\users\MAjor\AppData\Local\FLT
2012-08-16 13:49 . 2012-08-16 13:49 -------- d-----w- d:\programdata\Codemasters
2012-08-16 13:48 . 2012-08-16 13:48 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2012-08-16 13:48 . 2012-08-16 13:48 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2012-08-16 13:48 . 2012-08-16 13:48 -------- d-----w- d:\program files\OpenAL
2012-08-16 13:48 . 2011-09-05 18:57 1306624 ----a-w- d:\windows\system32\rapture3d_oal.dll
2012-08-16 13:48 . 2010-09-22 12:12 19087360 ----a-w- d:\windows\system32\mkl_blueripple.dll
2012-08-16 13:48 . 2012-08-16 13:48 -------- d-----w- d:\program files\BRS
2012-08-16 13:48 . 2012-08-16 13:48 -------- d--h--w- d:\windows\msdownld.tmp
2012-08-16 13:36 . 2012-08-16 16:47 -------- d-----w- d:\program files\Codemasters
2012-08-15 08:48 . 2012-07-18 17:10 2344448 ----a-w- d:\windows\system32\win32k.sys
2012-08-15 08:48 . 2012-07-04 21:23 41472 ----a-w- d:\windows\system32\browcli.dll
2012-08-15 08:48 . 2012-07-04 21:23 102912 ----a-w- d:\windows\system32\browser.dll
2012-08-15 08:48 . 2012-05-14 04:37 768512 ----a-w- d:\windows\system32\localspl.dll
2012-08-14 16:38 . 2012-08-14 16:38 -------- d-----w- d:\users\MAjor\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2012-08-14 16:38 . 2012-08-14 16:38 -------- d-----w- d:\program files\Autoškola testy
2012-08-09 13:16 . 2012-08-16 11:27 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 13:16 . 2012-08-16 11:27 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-09 13:08 . 2012-08-09 13:08 -------- d-----w- d:\users\MAjor\AppData\Local\Opera
2012-08-09 13:08 . 2012-08-09 13:08 -------- d-----w- d:\program files\Opera
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\programdata\ATI
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\program files\AMD AVT
2012-08-09 11:06 . 2012-08-09 11:06 -------- d-----w- d:\program files\AMD APP
2012-08-07 19:36 . 2012-08-07 19:36 -------- d-sh--r- d:\users\MAjor\M-1-52-5782-8754-5245
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 17:25 . 2011-12-05 04:48 139448 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2012-08-24 17:24 . 2011-12-05 05:29 282472 ----a-w- d:\windows\system32\PnkBstrB.xtr
2012-08-24 17:24 . 2011-12-05 04:47 282472 ----a-w- d:\windows\system32\PnkBstrB.exe
2012-08-24 17:23 . 2011-12-05 04:47 103736 ----a-w- d:\windows\system32\PnkBstrB.ex0
2012-07-05 20:06 . 2012-04-09 19:29 772544 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2012-04-09 19:29 687544 ----a-w- d:\windows\system32\deployJava1.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- d:\windows\system32\msxml4.dll
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- d:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- d:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- d:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- d:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-01-26 23:00 924160 ----a-w- d:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- d:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- d:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- d:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- d:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- d:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-01-26 22:49 6301696 ----a-w- d:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- d:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-01-26 22:28 5480448 ----a-w- d:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- d:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-01-26 22:24 4729344 ----a-w- d:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- d:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- d:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- d:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- d:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- d:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-01-26 22:12 42496 ----a-w- d:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-01-26 22:12 32768 ----a-w- d:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- d:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- d:\windows\system32\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 159232 ----a-w- d:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- d:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- d:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- d:\windows\system32\amdocl.dll
2012-06-06 05:09 . 2012-07-11 19:19 1389568 ----a-w- d:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 19:19 1236992 ----a-w- d:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-23 09:50 53784 ----a-w- d:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 09:50 45080 ----a-w- d:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 09:50 35864 ----a-w- d:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 09:50 577048 ----a-w- d:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 09:50 1933848 ----a-w- d:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 09:50 2422272 ----a-w- d:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 09:50 88576 ----a-w- d:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 09:50 171904 ----a-w- d:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 09:50 33792 ----a-w- d:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 19:19 67440 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 19:19 134000 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 19:19 369336 ----a-w- d:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 19:19 225280 ----a-w- d:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 19:19 219136 ----a-w- d:\windows\system32\ncrypt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-05 16:19 120712 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Microsoft® Windows System"="d:\users\MAjor\M-1-52-5782-8754-5245\winsam.exe" [2012-08-07 181248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="d:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
d:\users\MAjor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
fliptoast.lnk - d:\program files\fliptoast\fliptoast.exe [N/A]
.
d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - d:\program files\GamePark2\gpcl.exe [2012-3-25 409088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 HTCAND32;HTC Device Driver;d:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;d:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;d:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 PassThru Service;Internet Pass-Through Service;d:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;d:\windows\system32\DRIVERS\l160x86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW73.sys [x]
S3 pcouffin;VSO Software pcouffin;d:\windows\system32\Drivers\pcouffin.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-28 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 11:27]
.
2012-08-23 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000Core.job
- d:\users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 12:59]
.
2012-08-28 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1346858010-2952013356-17835165-1000UA.job
- d:\users\MAjor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 12:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://zonedirector.com/1/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - d:\users\MAjor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-WinampAgent - d:\program files\Winamp\winampa.exe
AddRemove-Android SDK Tools - d:\android\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1346858010-2952013356-17835165-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,dc,a9,41,d8,68,91,a6,81,66,b5,69,da,96,4a,27,d2,fb,81,d2,dc,
85,f4,26,03,44,c0,97,04,08,f6,98,d5,5b,c3,f0,2a,50,82,ed,6e,4c,30,f6,5e,e0,\
"rkeysecu"=hex:85,90,6b,50,f4,03,11,a7,58,da,c7,14,a1,92,26,9f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-28 22:20:23
ComboFix-quarantined-files.txt 2012-08-28 20:20
ComboFix2.txt 2012-01-25 20:04
.
Před spuštěním: Volných bajtů: 77 399 560 192
Po spuštění: Volných bajtů: 95 505 170 432
.
- - End Of File - - 0006A7F068098C5AF862A24E8ED25BB6
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu
- Do okna vlozte skript nize
Kód: Vybrat vše
:dir d:\users\MAjor\M-1-52-5782-8754-5245 /sub D:\f7b17801685886edf3fb175e7a38ea89 D:\6c434efb0b35380e5671558b84- Kliknete na Look
- Tlacitko Look se zmeni na Scanning a zsedne
- Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
- Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
SystemLook 30.07.11 by jpshortstuff
Log created at 17:57 on 29/08/2012 by MAjor
Administrator - Elevation successful
========== dir ==========
d:\users\MAjor\M-1-52-5782-8754-5245 - Parameters: "/sub"
---Files---
winsam.exe -r-hs-- 181248 bytes [19:36 07/08/2012] [19:36 07/08/2012]
No folders found.
D:\f7b17801685886edf3fb175e7a38ea89 - Unable to find folder.
D:\6c434efb0b35380e5671558b84 - Unable to find folder.
-= EOF =-
Log created at 17:57 on 29/08/2012 by MAjor
Administrator - Elevation successful
========== dir ==========
d:\users\MAjor\M-1-52-5782-8754-5245 - Parameters: "/sub"
---Files---
winsam.exe -r-hs-- 181248 bytes [19:36 07/08/2012] [19:36 07/08/2012]
No folders found.
D:\f7b17801685886edf3fb175e7a38ea89 - Unable to find folder.
D:\6c434efb0b35380e5671558b84 - Unable to find folder.
-= EOF =-
Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Collect:: d:\users\MAjor\M-1-52-5782-8754-5245\winsam.exe Folder:: d:\users\MAjor\M-1-52-5782-8754-5245 RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] RegNull:: [HKEY_USERS\S-1-5-21-1346858010-2952013356-17835165-1000\Software\SecuROM\License information*] DDS:: uStart Page = hxxp://zonedirector.com/1/ Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"=- "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"=- "Adobe ARM"=- "QuickTime Task"=- "Nikon Message Center 2"=- "GrooveMonitor"=- "SunJavaUpdateSched"=- File:: d:\users\MAjor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu(FBchat mi odesílá samovolně zpráv
LOG mi zmizl. Ale dobrá zpráva je že už sem bez problémů(chat). Takže již nemusíme pokračovat ,jestli je to možné...
díky za pomoc
díky za pomoc
Přispějete na provoz fóra?