
probably a Skype virus, floods the network, disables the touchpad...

Posted: 12 Oct 2012 21:26
by vojtak
Logfile of random's system information tool 1.09 (written by random/random)
Run by Fanda at 2012-10-12 22:22:56
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 216 GB (47%) free of 456 GB
Total RAM: 8173 MB (73% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 30122352
\??\C:\Windows\system32\conhost.exe "-924579075142634132-67441354289121434-2017319603-1392550861-1251171163-1681392488
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
taskeng.exe {DB18F3DC-DD5E-4949-90E2-6945AC54FD6D}
"C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe" /AutoStart
"C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe"
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
"C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Windows\SysWOW64\DllHost.exe /Processid:{CB45D4CA-8A34-4EF1-9957-6134E5270E83}
WLIDSvcM.exe 3980
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\SysWOW64\DllHost.exe /Processid:{78FD0120-D39C-45D8-A9BE-2B802B3C23E5}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe" -Embedding
"C:\Program Files\Sony\VAIO Smart Network\VSNService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-262c50b6-8654-4437-b0a7-6afd9ee6cfe0 -SystemEventPortName:HostProcess-c56a8279-03ea-4f6c-a317-f0c3c1f87c1f -IoCancelEventPortName:HostProcess-075fa865-51df-4710-a249-f3e05417de16 -NonStateChangingEventPortName:HostProcess-8983723e-e631-44c5-94dc-cf5836949d98 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:14e514a4-73c3-49c3-b7cb-b16a834442ec
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
/Device:000000a1
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1176 CREDAT:203009
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" /Start
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata"
C:\Program Files\Sony\VAIO Care/listener.exe /silent /slot=0
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe"
"C:\Program Files\Sony\VAIO Power Management\SPMService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\totalcmd\TOTALCMD.EXE"
"C:\Program Files\Sony\VAIO Care\VCSystemTray.exe" -create_disc
"C:\Program Files\Sony\VAIO Care\VCService.exe"
"C:\Program Files\Sony\VAIO Care\VCAgent.exe"
C:\Windows\System32\vds.exe
"C:\Program Files\Sony\VAIO Update Common\VUAgent.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\wbem\wmiprvse.exe
wmiadap.exe /R /T
"C:\rsit\RSITx64.exe"
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\l48s3111.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\Sony\Media Go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-19 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-07-05 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2012-01-19 194848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05 339872]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-24 11855976]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-06-24 2226280]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-07-05 947360]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-07-05 797344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-24 2531624]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1238528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Fanda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 116648]
"AdobeBridge"= []
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"Osmcmq"=C:\Users\Fanda\AppData\Roaming\Osmcmq.exe [2012-10-12 936448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-09-05 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-04-30 284440]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2011-05-02 500736]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-25 336384]
"ISBMgr.exe"=C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2011-05-31 2801288]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [2011-03-15 650080]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-09-05 937920]
""= []
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-09-05 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-09-05 2904984]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2012-10-12 22:22:56 ----D---- C:\Program Files\trend micro
2012-10-12 22:21:47 ----D---- C:\rsit
2012-10-12 21:54:26 ----SHD---- C:\Config.Msi
2012-10-12 20:52:50 ----A---- C:\Users\Fanda\AppData\Roaming\4960.exe
2012-10-12 20:34:46 ----A---- C:\Users\Fanda\AppData\Roaming\BEFB.exe
2012-10-12 20:34:44 ----A---- C:\Users\Fanda\AppData\Roaming\Osmcmq.exe
2012-10-12 18:41:08 ----A---- C:\Users\Fanda\AppData\Roaming\98E9.exe
2012-10-12 18:41:05 ----A---- C:\Users\Fanda\AppData\Roaming\8D64.exe
2012-10-12 17:52:32 ----A---- C:\Users\Fanda\AppData\Roaming\1CB5.exe
2012-10-12 17:52:14 ----A---- C:\Users\Fanda\AppData\Roaming\D3D2.exe
2012-10-12 17:27:22 ----A---- C:\Users\Fanda\AppData\Roaming\118C.exe
2012-10-12 17:27:20 ----A---- C:\Users\Fanda\AppData\Roaming\9FC.exe
2012-10-12 17:03:47 ----A---- C:\Users\Fanda\AppData\Roaming\7A4A.exe
2012-10-12 17:03:47 ----A---- C:\Users\Fanda\AppData\Roaming\7A39.exe
2012-10-12 16:48:51 ----A---- C:\Users\Fanda\AppData\Roaming\CF79.exe
2012-10-12 15:17:15 ----A---- C:\Users\Fanda\AppData\Roaming\F222.exe
2012-10-12 15:17:11 ----A---- C:\Users\Fanda\AppData\Roaming\E372.exe
2012-10-12 14:26:51 ----A---- C:\Users\Fanda\AppData\Roaming\CEA8.exe
2012-10-12 14:18:07 ----A---- C:\Users\Fanda\AppData\Roaming\CD02.exe
2012-10-12 14:18:05 ----A---- C:\Users\Fanda\AppData\Roaming\C785.exe
2012-10-12 14:05:55 ----A---- C:\Users\Fanda\AppData\Roaming\A229.exe
2012-10-12 14:05:16 ----A---- C:\Users\Fanda\AppData\Roaming\9EF.exe
2012-10-12 13:46:35 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2012-10-08 17:54:17 ----D---- C:\Program Files (x86)\Microsoft Games
2012-10-07 23:06:26 ----D---- C:\Program Files (x86)\dEAD iSLAND
2012-10-07 19:48:32 ----SHD---- C:\found.000
2012-10-06 19:01:09 ----A---- C:\Users\Fanda\AppData\Roaming\A7F0.exe
2012-10-06 18:38:19 ----A---- C:\Users\Fanda\AppData\Roaming\C232.exe
2012-10-06 17:51:54 ----A---- C:\Users\Fanda\AppData\Roaming\4219.exe
2012-10-06 17:47:11 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-10-06 17:47:11 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-10-06 17:47:10 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-10-06 17:47:09 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-10-06 17:47:08 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-10-06 17:47:07 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-10-06 17:47:04 ----A---- C:\Windows\system32\aswBoot.exe
2012-10-06 17:46:35 ----A---- C:\Windows\avastSS.scr
2012-10-06 17:46:33 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-10-06 17:46:21 ----D---- C:\ProgramData\AVAST Software
2012-10-06 17:46:21 ----D---- C:\Program Files\AVAST Software
2012-10-06 17:32:44 ----A---- C:\Users\Fanda\AppData\Roaming\B66C.exe
2012-09-29 19:54:19 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-24 20:37:37 ----D---- C:\Program Files\Ubisoft
2012-09-24 03:01:37 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-24 03:01:37 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-24 03:01:37 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-24 03:01:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-24 03:01:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-24 03:01:36 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-24 03:01:36 ----A---- C:\Windows\system32\ieui.dll
2012-09-24 03:01:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-24 03:01:35 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-24 03:01:35 ----A---- C:\Windows\system32\url.dll
2012-09-24 03:01:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-24 03:01:33 ----A---- C:\Windows\system32\urlmon.dll
2012-09-24 03:01:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-24 03:01:33 ----A---- C:\Windows\system32\jscript9.dll
2012-09-24 03:01:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-24 03:01:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-24 03:01:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-24 03:01:31 ----A---- C:\Windows\system32\wininet.dll
2012-09-24 03:01:31 ----A---- C:\Windows\system32\vbscript.dll
2012-09-24 03:01:31 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-24 03:01:30 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-24 03:01:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-24 03:01:30 ----A---- C:\Windows\system32\jscript.dll
2012-09-24 03:01:30 ----A---- C:\Windows\system32\iertutil.dll
2012-09-24 03:01:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-24 03:01:28 ----A---- C:\Windows\system32\mshtml.dll
2012-09-24 03:01:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-24 03:01:27 ----A---- C:\Windows\system32\ieframe.dll
2012-09-23 22:39:19 ----D---- C:\Games
2012-09-23 22:39:08 ----D---- C:\Users\Fanda\AppData\Roaming\Dark Pathogen Studios
2012-09-23 22:00:42 ----D---- C:\Program Files (x86)\Giants
2012-09-23 21:12:29 ----D---- C:\Program Files (x86)\EA Sports
2012-09-14 19:04:32 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-14 19:04:32 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-14 19:04:31 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-14 19:04:30 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-09-14 19:04:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-14 19:04:29 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-14 19:04:29 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 21:01:54 ----D---- C:\ProgramData\Ubisoft
2012-09-05 21:23:36 ----D---- C:\Program Files (x86)\THQ
2012-09-03 16:00:17 ----D---- C:\Windows\SYSWOW64\AGEIA
2012-09-03 16:00:17 ----D---- C:\Program Files (x86)\AGEIA Technologies
2012-09-03 15:32:55 ----D---- C:\Program Files (x86)\2K Games
2012-09-03 15:21:59 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-09-03 15:21:59 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-09-03 15:21:59 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-09-03 15:21:59 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-09-03 15:21:58 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-09-03 15:21:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-09-03 15:21:58 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-09-03 15:21:58 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-09-03 15:21:57 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-09-03 15:21:57 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-09-03 15:21:57 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-09-03 15:21:56 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-09-03 15:21:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-09-03 15:21:56 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-09-03 15:21:56 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-09-03 15:21:55 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-09-03 15:21:55 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-09-03 15:21:52 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-09-03 15:21:52 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-09-03 15:21:52 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-09-03 15:21:52 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-09-03 15:21:51 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-09-03 15:21:51 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-09-03 15:21:51 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-09-03 15:21:51 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-09-03 15:21:51 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-09-03 15:21:50 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-09-03 15:21:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-09-03 15:21:50 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-09-03 15:21:50 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-09-03 15:21:49 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-09-03 15:21:49 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-09-03 15:21:49 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-09-03 15:21:49 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-09-03 15:21:48 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-09-03 15:21:48 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-09-03 15:21:48 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-09-03 15:21:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-09-03 15:21:48 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-09-03 15:21:48 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-09-03 15:21:48 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-09-03 15:21:48 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-09-03 15:21:47 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-09-03 15:21:47 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-09-03 15:21:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-09-03 15:21:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-09-03 15:21:46 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-09-03 15:21:46 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-09-03 15:21:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-09-03 15:21:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-09-03 15:21:46 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-09-03 15:21:46 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-09-03 15:21:45 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-09-03 15:21:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-09-03 15:21:44 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-09-03 15:21:44 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-09-03 15:21:44 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-09-03 15:21:44 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-09-03 15:21:44 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-09-03 15:21:44 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-09-03 15:21:44 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-09-03 15:21:44 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-09-03 15:21:43 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-09-03 15:21:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-09-03 15:21:43 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-09-03 15:21:43 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-09-03 15:21:42 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-09-03 15:21:42 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-09-03 15:21:41 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-09-03 15:21:41 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-09-03 15:21:41 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-09-03 15:21:41 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-09-03 15:21:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-09-03 15:21:40 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-09-03 15:21:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-09-03 15:21:40 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-09-03 15:21:40 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-09-03 15:21:40 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-09-03 15:21:39 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-09-03 15:21:39 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-09-03 15:21:38 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-09-03 15:21:38 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-09-03 15:21:37 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-09-03 15:21:37 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-09-03 15:21:37 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-09-03 15:21:37 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-09-03 15:21:36 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-09-03 15:21:36 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-09-03 15:21:35 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-09-03 15:21:35 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-09-03 15:21:34 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-09-03 15:21:34 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-09-03 15:21:34 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-09-03 15:21:34 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-09-03 15:21:32 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-09-03 15:21:32 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-09-03 15:21:32 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-09-03 15:21:32 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-09-03 15:21:31 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-09-03 15:21:31 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-09-03 15:21:31 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-09-03 15:21:31 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-09-03 15:21:31 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-09-03 15:21:31 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-09-03 15:21:30 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-09-03 15:21:30 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-09-03 15:21:30 ----A---- C:\Windows\system32\xinput1_3.dll
2012-09-03 15:21:30 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-09-03 15:21:29 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-09-03 15:21:29 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-09-03 15:21:29 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-09-03 15:21:29 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-09-03 15:21:28 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-09-03 15:21:28 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-09-03 15:21:27 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-09-03 15:21:27 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-09-03 15:21:26 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-09-03 15:21:26 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-09-03 15:21:26 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-09-03 15:21:26 ----A---- C:\Windows\system32\d3dx10.dll
2012-09-03 15:21:24 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-09-03 15:21:24 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-09-03 15:21:24 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-09-03 15:21:24 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-09-03 15:21:22 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-09-03 15:21:22 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-09-03 15:21:22 ----A---- C:\Windows\system32\xinput1_2.dll
2012-09-03 15:21:22 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-09-03 15:21:21 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-09-03 15:21:21 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-09-03 15:21:21 ----A---- C:\Windows\system32\xinput1_1.dll
2012-09-03 15:21:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-09-03 15:21:20 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-09-03 15:21:20 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-09-03 15:21:11 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-09-03 15:21:11 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-09-03 15:21:11 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-09-03 15:21:11 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-09-03 15:21:11 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-09-03 15:21:11 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-09-03 15:21:10 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-09-03 15:21:10 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-09-03 15:21:08 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-09-03 15:21:08 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-09-03 15:21:06 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-09-03 15:21:05 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-09-03 15:21:05 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-09-03 15:17:52 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-09-03 15:17:48 ----D---- C:\Users\Fanda\AppData\Roaming\DAEMON Tools Lite
2012-09-03 15:17:43 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-09-03 15:17:21 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-09-02 22:14:04 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-09-02 22:14:04 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-09-02 20:32:49 ----D---- C:\Program Files (x86)\Robot Entertainment
2012-09-02 18:40:04 ----D---- C:\Program Files (x86)\BioWare
2012-08-24 22:15:29 ----D---- C:\Users\Fanda\AppData\Roaming\PACE Anti-Piracy
2012-08-24 22:15:29 ----D---- C:\ProgramData\PACE Anti-Piracy
2012-08-24 22:11:49 ----D---- C:\Users\Fanda\AppData\Roaming\GHISLER
2012-08-24 22:11:49 ----D---- C:\totalcmd
2012-08-24 19:11:44 ----D---- C:\ProgramData\ALM
2012-08-24 18:53:09 ----D---- C:\Program Files (x86)\My Company Name
2012-08-24 18:50:54 ----D---- C:\adobeTemp
2012-08-24 18:05:09 ----D---- C:\adobe
2012-08-17 10:10:31 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-08-15 21:39:23 ----A---- C:\Windows\system32\localspl.dll
2012-08-15 21:39:03 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-15 21:39:03 ----A---- C:\Windows\system32\srcore.dll
2012-08-15 21:39:02 ----A---- C:\Windows\system32\browser.dll
2012-08-15 21:39:02 ----A---- C:\Windows\system32\browcli.dll
2012-08-15 21:39:01 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-15 21:39:01 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-15 21:39:01 ----A---- C:\Windows\system32\netapi32.dll
2012-08-15 21:38:59 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-15 21:38:59 ----A---- C:\Windows\system32\win32spl.dll
2012-08-15 21:38:59 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-15 21:38:59 ----A---- C:\Windows\splwow64.exe
2012-08-15 21:38:53 ----A---- C:\Windows\system32\win32k.sys
2012-08-15 21:28:35 ----D---- C:\ProgramData\Electronic Arts
2012-08-15 21:27:18 ----D---- C:\Program Files (x86)\Microsoft WSE
2012-08-15 21:26:30 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-08-15 21:26:30 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-08-15 21:07:29 ----D---- C:\Program Files (x86)\Electronic Arts
2012-08-14 09:11:14 ----A---- C:\Windows\system32\frapsv64.dll
2012-08-14 09:11:12 ----A---- C:\Windows\SYSWOW64\frapsvid.dll

======List of files/folders modified in the last 2 months======

2012-10-12 22:22:56 ----RD---- C:\Program Files
2012-10-12 22:22:56 ----D---- C:\Windows\Temp
2012-10-12 22:20:38 ----D---- C:\Windows\System32
2012-10-12 22:20:38 ----D---- C:\Windows\inf
2012-10-12 22:20:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-12 22:18:17 ----A---- C:\Windows\SYSWOW64\log.txt
2012-10-12 22:16:47 ----D---- C:\Windows\system32\config
2012-10-12 22:16:22 ----D---- C:\Windows\Prefetch
2012-10-12 22:12:34 ----RSD---- C:\Windows\Fonts
2012-10-12 22:11:57 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-12 22:11:36 ----SHD---- C:\System Volume Information
2012-10-12 22:09:18 ----SHD---- C:\Windows\Installer
2012-10-12 22:09:16 ----RD---- C:\Program Files (x86)
2012-10-12 22:09:16 ----D---- C:\ProgramData\Skype
2012-10-12 22:09:16 ----D---- C:\Program Files (x86)\Common Files
2012-10-12 22:09:13 ----D---- C:\Users\Fanda\AppData\Roaming\Skype
2012-10-12 22:06:53 ----HD---- C:\ProgramData
2012-10-12 21:54:54 ----SD---- C:\ProgramData\Microsoft
2012-10-12 21:54:54 ----D---- C:\Program Files (x86)\Microsoft
2012-10-12 14:07:21 ----D---- C:\Windows\system32\catroot
2012-10-12 14:07:17 ----D---- C:\Windows\system32\catroot2
2012-10-08 17:56:03 ----RSD---- C:\Windows\assembly
2012-10-08 17:55:50 ----D---- C:\Windows\winsxs
2012-10-07 23:04:59 ----D---- C:\ProgramData\McAfee
2012-10-07 23:01:24 ----DC---- C:\Windows\system32\DRVSTORE
2012-10-07 23:00:56 ----D---- C:\Windows
2012-10-07 22:54:37 ----D---- C:\Program Files\Common Files
2012-10-07 22:51:29 ----D---- C:\Windows\system32\drivers
2012-10-07 22:51:24 ----D---- C:\Windows\system32\DriverStore
2012-10-07 22:51:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-07 10:55:27 ----D---- C:\Windows\rescache
2012-10-06 20:02:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-06 17:47:07 ----D---- C:\Windows\SysWOW64
2012-10-03 17:32:22 ----D---- C:\Users\Fanda\AppData\Roaming\.minecraft
2012-09-24 03:18:06 ----D---- C:\Windows\SYSWOW64\migration
2012-09-24 03:18:06 ----D---- C:\Windows\system32\migration
2012-09-24 03:18:06 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-24 03:18:05 ----D---- C:\Program Files\Internet Explorer
2012-09-03 15:20:37 ----D---- C:\Windows\Logs
2012-09-02 22:14:06 ----D---- C:\Windows\Microsoft.NET
2012-08-28 22:41:33 ----HD---- C:\ProgramData\ArcSoft
2012-08-28 21:28:34 ----D---- C:\Users\Fanda\AppData\Roaming\ArcSoft
2012-08-24 19:57:24 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-08-24 19:56:25 ----D---- C:\Users\Fanda\AppData\Roaming\Adobe
2012-08-24 19:24:40 ----D---- C:\ProgramData\Adobe
2012-08-24 19:16:57 ----D---- C:\Program Files\Common Files\Adobe
2012-08-24 19:16:57 ----D---- C:\Program Files\Adobe
2012-08-24 19:09:49 ----D---- C:\Program Files (x86)\Adobe
2012-08-22 00:00:19 ----D---- C:\Users\Fanda\AppData\Roaming\skypePM
2012-08-21 11:50:24 ----D---- C:\Windows\system32\drivers\UMDF
2012-08-15 21:27:19 ----SD---- C:\Users\Fanda\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-06-30 557848]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-03 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R2 rimspci;rimspci; C:\Windows\system32\drivers\rimssne64.sys [2011-06-24 102400]
R2 risdsnpe;risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [2011-06-24 98816]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-08-12 9085952]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-08-12 299520]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-21 2753536]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\drivers\btath_bus.sys [2011-07-05 30368]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-24 2886888]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-06-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2011-06-24 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-22 231328]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\drivers\SFEP.sys [2010-04-26 12032]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\drivers\SynTP.sys [2011-06-24 1404464]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-07-05 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-07-05 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-07-05 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\drivers\btath_hcrp.sys [2011-07-05 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-07-05 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\drivers\btath_rcp.sys [2011-07-05 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-07-05 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Interface Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-08-12 203776]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-06-24 326424]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
R2 SampleCollector;VAIO Care Performance Service; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-07-22 259512]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 uCamMonitor;CamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe [2011-07-07 66696]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
R2 VSNService;VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 VCService;VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [2011-08-12 54408]
R3 VUAgent;VUAgent; C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-02 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SOHCImp;VAIO Content Importer; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
S3 SOHDs;VAIO Device Searcher; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
S3 SpfService;VAIO Entertainment Common Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 VCFw;VAIO Content Folder Watcher; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------
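
The RSIT listing above (and the ComboFix one later in this thread) prints every driver and service as `<state><start> <name>;<display name>;<image path> [<date> <size>]`, with the legend printed before each list and `[x]` in place of the path when the image file is missing on disk. As an added example, not part of the thread and not code from RSIT or ComboFix, here is a small Python triage helper that parses that format and flags the things a forum helper looks for first: a missing image file, an image living in a user-writable directory, and a short hex-looking file name (the naming pattern of the `118C.exe`, `9EF.exe` style files later removed in this thread). The first four sample lines are copied from the logs here; the `Osmcmq` service line is constructed to show what a service image inside a user profile would look like and is not from the log.

```python
"""Triage helper for RSIT / ComboFix driver and service listings.

Added example for this thread; not part of RSIT, ComboFix or the original
posts.  Parses lines of the form

    <state><start> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]

decoding the legend printed above each list (R=Running, S=Stopped,
0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled).  ComboFix prints "[x]"
instead of a path when the image file no longer exists on disk.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# RSIT puts a space after the second ';', ComboFix does not; \s* covers both.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?:(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]|\[x\])$"
)

# Directories an unprivileged user can write to.  An image here is not proof
# of malware, but it is what the random-named .exe files that ComboFix
# removed later in this thread have in common.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: Optional[str]          # None when the log shows "[x]"
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def path_flags(path: str) -> List[str]:
    """Heuristic flags for one image path (also usable on a plain path list)."""
    flags = []
    low = path.lower()
    if any(seg in low for seg in USER_WRITABLE):
        flags.append("user-writable location")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    # 3-4 hex characters, e.g. 118C.exe or 9EF.exe in the ComboFix deletions
    if re.fullmatch(r"[0-9a-f]{3,4}", stem):
        flags.append("random hex-like name")
    return flags


def parse_listing(text: str) -> List[Entry]:
    """Parse every driver/service line in text; legend and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if path and path.startswith("\\??\\"):   # NT object-manager prefix, as on aswMonFlt
            path = path[4:]
        e = Entry(STATE[m.group("state")], START[m.group("start")],
                  m.group("name"), m.group("display"), path, m.group("date"),
                  int(m.group("size")) if m.group("size") else None)
        if path is None:
            e.flags.append("image file missing ([x])")
        else:
            e.flags.extend(path_flags(path))
        entries.append(e)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries that picked up at least one flag, in listing order."""
    return [e for e in entries if e.flags]


def triage_paths(paths: List[str]) -> Dict[str, List[str]]:
    """Same heuristics over a plain path list, such as ComboFix's 'Other deletions'."""
    return {p: path_flags(p) for p in paths}


# Sample listing: the first four entries are copied from the logs in this
# thread; the last one is constructed (not from the log) to show a service
# whose image lives inside a user profile.
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
S1 aswSnx;aswSnx; [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
R2 Osmcmq;Osmcmq; C:\Users\Fanda\AppData\Roaming\Osmcmq.exe [2012-10-11 98304]
"""

if __name__ == "__main__":
    for e in suspicious(parse_listing(SAMPLE)):
        print(f"{e.state:<7} {e.start:<8} {e.name:<18} {e.path or '[x]'}  <- {', '.join(e.flags)}")
    for p, f in triage_paths([r"c:\users\Fanda\AppData\Roaming\118C.exe"]).items():
        print(p, "<-", ", ".join(f))
```

The flags are a reading aid, not a verdict: the `[x]` on the avast drivers in the ComboFix log, for instance, only means ComboFix could not resolve the file while avast was disabled, which is why a helper reads them next to the vendor and date columns rather than acting on the flag alone.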

Re: probably a Skype virus, flooding the network, disabling the touchpad..

Posted: 12 Oct 2012 21:50
by Rudy
I'd like a ComboFix log, please:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to plough through); during the scan do not try to run any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with a resident antispyware shield.

Re: probably a Skype virus, flooding the network, disabling the touchpad..

Posted: 12 Oct 2012 22:36
by vojtak
ComboFix 12-10-12.01 - Fanda 12.10.2012 23:00:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8173.6243 [GMT 2:00]
Run from: c:\users\Fanda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fanda\AppData\Roaming\118C.exe
c:\users\Fanda\AppData\Roaming\1CB5.exe
c:\users\Fanda\AppData\Roaming\4219.exe
c:\users\Fanda\AppData\Roaming\4960.exe
c:\users\Fanda\AppData\Roaming\7A39.exe
c:\users\Fanda\AppData\Roaming\7A4A.exe
c:\users\Fanda\AppData\Roaming\8D64.exe
c:\users\Fanda\AppData\Roaming\98E9.exe
c:\users\Fanda\AppData\Roaming\9EF.exe
c:\users\Fanda\AppData\Roaming\9FC.exe
c:\users\Fanda\AppData\Roaming\A229.exe
c:\users\Fanda\AppData\Roaming\A7F0.exe
c:\users\Fanda\AppData\Roaming\B66C.exe
c:\users\Fanda\AppData\Roaming\BEFB.exe
c:\users\Fanda\AppData\Roaming\C232.exe
c:\users\Fanda\AppData\Roaming\C785.exe
c:\users\Fanda\AppData\Roaming\CD02.exe
c:\users\Fanda\AppData\Roaming\CEA8.exe
c:\users\Fanda\AppData\Roaming\CF79.exe
c:\users\Fanda\AppData\Roaming\D3D2.exe
c:\users\Fanda\AppData\Roaming\E372.exe
c:\users\Fanda\AppData\Roaming\F222.exe
c:\users\Fanda\AppData\Roaming\Osmcmq.exe
.
.
((((((((((((((((((((((((( Files created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 21:12 . 2012-10-12 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 20:36 . 2012-10-12 20:45 -------- d-----w- C:\data
2012-10-12 20:35 . 2012-10-12 20:36 -------- d-----w- C:\filmy
2012-10-12 20:27 . 2012-10-12 20:28 -------- d-----w- C:\programy
2012-10-12 20:22 . 2012-10-12 20:22 -------- d-----w- c:\program files\trend micro
2012-10-12 20:21 . 2012-10-12 20:22 -------- d-----w- C:\rsit
2012-10-12 11:46 . 2012-10-12 11:46 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-10-08 15:54 . 2012-10-08 15:54 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-10-07 21:06 . 2012-10-07 21:06 -------- d-----w- c:\program files (x86)\dEAD iSLAND
2012-10-07 17:48 . 2012-10-07 17:48 -------- d-----w- C:\found.000
2012-10-06 15:47 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-06 15:47 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-06 15:47 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-06 15:47 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-06 15:47 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-06 15:47 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-06 15:47 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-06 15:46 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2012-10-06 15:46 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\programdata\AVAST Software
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\program files\AVAST Software
2012-10-02 20:38 . 2012-10-02 20:38 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-29 17:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 18:37 . 2012-09-24 18:37 -------- d-----w- c:\program files\Ubisoft
2012-09-23 20:39 . 2012-10-12 20:06 -------- d-----w- C:\Games
2012-09-23 20:39 . 2012-09-24 18:16 -------- d-----w- c:\users\Fanda\AppData\Roaming\Dark Pathogen Studios
2012-09-23 20:00 . 2012-09-23 20:03 -------- d-----w- c:\program files (x86)\Giants
2012-09-18 20:29 . 2012-09-20 05:38 -------- d-----w- c:\users\Fanda\AppData\Local\Microsoft Games
2012-09-14 17:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-14 17:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-14 17:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-14 17:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-14 17:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-14 17:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-14 17:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 19:05 . 2012-09-13 19:05 -------- d-----w- c:\users\Fanda\AppData\Local\Skyrim
2012-09-13 19:01 . 2012-09-13 19:01 -------- d-----w- c:\programdata\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:17 . 2012-09-03 13:17 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-14 07:11 . 2012-08-14 07:11 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-07-18 18:15 . 2012-08-15 19:38 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-01-19 00:09 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-07-05 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-07-05 330400]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-07-05 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-07-05 167072]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-07-05 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-07-05 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-05 496800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-02 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-12 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-06-24 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-06-24 98816]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-07-22 259512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-12 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-12 299520]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-07-05 30368]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-03 283200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-06-24 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-06-24 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-08-12 54408]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000Core.job
- c:\users\Fanda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 17:45]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000UA.job
- c:\users\Fanda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-24 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-24 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\l48s3111.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Osmcmq - c:\users\Fanda\AppData\Roaming\Osmcmq.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-12 23:30:55
ComboFix-quarantined-files.txt 2012-10-12 21:30
.
Před spuštěním: Volných bajtů: 232 240 914 432
Po spuštění: Volných bajtů: 238 291 058 688
.
- - End Of File - - C6AA07CFBD359A33C8347EA358641983

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 10:45
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files (x86)\Yontoo

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000UA.job

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

Reboot::
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 12:27
by vojtak
It still happens that the touchpad drops out after about a minute...

ComboFix 12-10-12.01 - Fanda 13.10.2012 12:22:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8173.6250 [GMT 2:00]
Spuštěný z: c:\users\Fanda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Fanda\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933916120-3284996425-3280954921-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-13 do 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 10:29 . 2012-10-13 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 20:36 . 2012-10-12 20:45 -------- d-----w- C:\data
2012-10-12 20:35 . 2012-10-12 20:36 -------- d-----w- C:\filmy
2012-10-12 20:27 . 2012-10-12 20:28 -------- d-----w- C:\programy
2012-10-12 20:22 . 2012-10-12 20:22 -------- d-----w- c:\program files\trend micro
2012-10-12 20:21 . 2012-10-12 20:22 -------- d-----w- C:\rsit
2012-10-12 12:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-12 12:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-12 12:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-12 12:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-12 12:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-12 12:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-12 11:46 . 2012-10-12 11:46 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-10-08 15:54 . 2012-10-08 15:54 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-10-07 21:06 . 2012-10-07 21:06 -------- d-----w- c:\program files (x86)\dEAD iSLAND
2012-10-07 17:48 . 2012-10-07 17:48 -------- d-----w- C:\found.000
2012-10-06 15:47 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-06 15:47 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-06 15:47 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-06 15:47 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-06 15:47 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-06 15:47 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-06 15:47 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-06 15:46 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2012-10-06 15:46 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\programdata\AVAST Software
2012-10-06 15:46 . 2012-10-06 15:46 -------- d-----w- c:\program files\AVAST Software
2012-10-02 20:38 . 2012-10-02 20:38 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-29 17:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 18:37 . 2012-09-24 18:37 -------- d-----w- c:\program files\Ubisoft
2012-09-23 20:39 . 2012-10-12 20:06 -------- d-----w- C:\Games
2012-09-23 20:39 . 2012-09-24 18:16 -------- d-----w- c:\users\Fanda\AppData\Roaming\Dark Pathogen Studios
2012-09-23 20:00 . 2012-09-23 20:03 -------- d-----w- c:\program files (x86)\Giants
2012-09-18 20:29 . 2012-09-20 05:38 -------- d-----w- c:\users\Fanda\AppData\Local\Microsoft Games
2012-09-14 17:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-14 17:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-14 17:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-14 17:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-14 17:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-14 17:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-14 17:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 19:05 . 2012-09-13 19:05 -------- d-----w- c:\users\Fanda\AppData\Local\Skyrim
2012-09-13 19:01 . 2012-09-13 19:01 -------- d-----w- c:\programdata\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:17 . 2012-09-03 13:17 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-14 07:11 . 2012-08-14 07:11 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-14 07:11 . 2012-08-14 07:11 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-07-18 18:15 . 2012-08-15 19:38 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 SampleCollector;VAIO Care Performance Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-07-05 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-07-05 330400]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-07-05 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-07-05 167072]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-07-05 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-07-05 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-05 496800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-02 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-08-12 54408]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-12 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-06-24 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-06-24 98816]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-12 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-12 299520]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-07-05 30368]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-03 283200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-06-24 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-06-24 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-24 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-24 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\l48s3111.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Celkový čas: 2012-10-13 12:36:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-13 10:36
ComboFix2.txt 2012-10-12 21:31
.
Před spuštěním: Volných bajtů: 243 841 654 784
Po spuštění: Volných bajtů: 243 740 733 440
.
- - End Of File - - 2CA032E6A1B7EDA5268745C4F6A5153A

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 12:39
by Rudy
Run an AVPTool scan: http://forum.viry.cz/viewtopic.php?f=29&t=58179 and post the log.

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 19:05
by vojtak
Status: Disinfected (events: 2)
13.10.2012 18:22:50 Disinfected Trojan program Trojan.Win32.Bublik.iza C:\Documents and Settings\Fanda\Downloads\skype_05102012_image.zip High
13.10.2012 18:22:50 Disinfected Trojan program Trojan.Win32.Bublik.iza C:\Documents and Settings\Fanda\Downloads\skype_05102012_image.zip/skype_05102012_image.exe High
Status: Deleted (events: 19)
13.10.2012 19:02:36 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\118C.exe.vir High
13.10.2012 19:02:39 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\1CB5.exe.vir High
13.10.2012 19:02:42 Deleted Trojan program Trojan-Spy.Win32.Zbot.fnjo C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\4219.exe.vir High
13.10.2012 19:02:42 Deleted Trojan program Trojan-Spy.Win32.Zbot.fnjo C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\4219.exe.vir//UPX High
13.10.2012 19:02:46 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\8D64.exe.vir High
13.10.2012 19:02:49 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\98E9.exe.vir High
13.10.2012 19:02:52 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.akhk C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\9EF.exe.vir High
13.10.2012 19:02:55 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\9FC.exe.vir High
13.10.2012 19:02:58 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.akhk C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\A229.exe.vir High
13.10.2012 19:03:00 Deleted Trojan program Trojan-Spy.Win32.Zbot.fnjo C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\B66C.exe.vir High
13.10.2012 19:03:00 Deleted Trojan program Trojan-Spy.Win32.Zbot.fnjo C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\B66C.exe.vir//UPX High
13.10.2012 19:03:03 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\BEFB.exe.vir High
13.10.2012 19:03:05 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.akhk C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\C785.exe.vir High
13.10.2012 19:03:08 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.akhk C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\CD02.exe.vir High
13.10.2012 19:03:11 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.akhk C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\CEA8.exe.vir High
13.10.2012 19:03:14 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklp C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\CF79.exe.vir High
13.10.2012 19:03:16 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklz C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\D3D2.exe.vir High
13.10.2012 19:03:19 Deleted Trojan program Trojan-Ransom.Win32.PornoAsset.aklp C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\F222.exe.vir High
13.10.2012 19:03:23 Deleted Trojan program Trojan.Win32.Bublik.iza C:\Qoobox\Quarantine\C\Users\Fanda\AppData\Roaming\Osmcmq.exe.vir High

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 19:15
by Rudy
Everything deleted or disinfected. Has anything changed?

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 19:30
by vojtak
But my touchpad still doesn't work. Do you have any idea what could be wrong with it? :(

Re: probably a Skype virus, floods the network, disables the touchpad..

Posted: 13 Oct 2012 19:59
by Rudy
Try uninstalling it in Device Manager. Then restart the PC and let the system detect it again. Sometimes that helps.