PC freezing - Mediafire virus

Posted: 09 Feb 2013 16:06
by iEze
Hi

A few days ago a family member managed to download a virus onto the PC through a Skype link to Mediafire.
His mouse and keyboard stopped working immediately and Microsoft Security Essentials reported about 7 viruses. Once that stopped, after the BIOS it kept showing "Reboot and Select Proper boot device". After several days of repairs we managed to get back into Win7; we downloaded Avira (Avast would not install) and Malwarebytes, which found this:
Nalezené soubory: 17
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\29A73ACD\3E688669\stb0.dll (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\36F1A852\3E688669\MyDll.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\4F73E13A\3E688669\stbapp.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\50EF6DF6\3E688669\Riched20Smiley.dll (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\628759C1\3E688669\stbOLEX.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\A26F7F7\3E688669\stbOL.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\B3AC8875\3E688669\stbMsn.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\C41B8701\3E688669\stbAol.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll (Adware.DoubleD.Gen) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\EB91CE86\3E688669\stbdl.exe (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\setup.exe (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
D:\Documents and Settings\All Users\Data aplikací\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll (Adware.DoubleD) -> Přesun do karantény a smazání se zdařilo.
The main problem is that the PC feels more sluggish and games freeze after 5-15 minutes. (It has to be restarted with the button, and it usually stops at the motherboard screen before the BIOS; we have to wait about 15 minutes.)
The computer has been cleaned of dust and the problem persists; I am asking for help.

I am attaching the RSIT log, which reports "AutoIt Error Line-1: Error:Variable used without being declared."

Logfile of random's system information tool 1.06 (written by random/random)
Run by AMD at 2013-02-09 15:56:14
Microsoft Windows 7 Home Premium
System drive C: has 114 GB (76%) free of 150 GB
Total RAM: 2047 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:15, on 9.2.2013
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\AMD\Desktop\RSIT.exe
C:\Program Files\trend micro\AMD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4836 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-06 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-06 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2010-05-24 1683360]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-12-04 384800]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shutTask]
C:\Program Files\IR\shutTask.exe [2010-01-05 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-02-09 15:50:40 ----D---- C:\rsit
2013-02-09 15:50:40 ----D---- C:\Program Files\trend micro
2013-02-09 15:34:09 ----D---- C:\Program Files\CPUID
2013-02-09 12:19:24 ----A---- C:\Windows\ntbtlog.txt
2013-02-09 10:30:57 ----D---- C:\Program Files\SpeedFan
2013-02-09 10:27:56 ----SHD---- C:\found.007
2013-02-08 23:49:30 ----D---- C:\Users\AMD\AppData\Roaming\Malwarebytes
2013-02-08 23:48:55 ----D---- C:\ProgramData\Malwarebytes
2013-02-08 23:48:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-08 23:00:20 ----SD---- C:\found.006
2013-02-06 18:13:09 ----A---- C:\Windows\system32\javaws.exe
2013-02-06 18:12:48 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-02-06 18:12:48 ----A---- C:\Windows\system32\javaw.exe
2013-02-06 18:12:48 ----A---- C:\Windows\system32\java.exe
2013-02-06 18:12:33 ----D---- C:\Program Files\Java
2013-01-29 19:29:49 ----D---- C:\Program Files\LogMeIn Hamachi
2013-01-29 16:55:34 ----SD---- C:\found.005
2013-01-27 20:54:19 ----SD---- C:\found.004
2013-01-27 19:10:22 ----D---- C:\Users\AMD\AppData\Roaming\ATI
2013-01-27 19:10:22 ----D---- C:\ProgramData\ATI
2013-01-27 19:07:56 ----D---- C:\Program Files\ATI Technologies
2013-01-27 19:07:53 ----D---- C:\Program Files\ATI
2013-01-27 19:07:13 ----D---- C:\ATI
2013-01-27 18:58:14 ----D---- C:\Users\AMD\AppData\Roaming\GetRightToGo
2013-01-27 18:41:56 ----D---- C:\Users\AMD\AppData\Roaming\Avira
2013-01-27 18:39:13 ----D---- C:\Program Files\CCleaner
2013-01-27 18:36:52 ----D---- C:\ProgramData\Avira
2013-01-27 18:36:52 ----D---- C:\Program Files\Avira
2013-01-27 18:24:55 ----D---- C:\ProgramData\Package Cache
2013-01-27 18:03:19 ----D---- C:\ProgramData\AVAST Software
2013-01-27 18:03:19 ----D---- C:\Program Files\AVAST Software
2013-01-27 17:31:54 ----SD---- C:\found.003
2013-01-26 15:16:30 ----D---- C:\Program Files\Valve
2013-01-26 14:50:11 ----D---- C:\Users\AMD\AppData\Roaming\WinRAR
2013-01-26 14:50:07 ----D---- C:\Program Files\WinRAR
2013-01-26 11:40:52 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-01-26 11:40:52 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-01-26 11:40:52 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-01-26 11:40:51 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-01-26 11:40:51 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-01-26 11:40:51 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-01-26 11:40:49 ----A---- C:\Windows\system32\xinput1_3.dll
2013-01-25 23:23:58 ----D---- C:\ProgramData\TmForever
2013-01-25 23:23:55 ----A---- C:\Windows\system32\xinput1_1.dll
2013-01-25 23:23:55 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-01-25 23:23:55 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-01-25 23:23:47 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-01-25 23:23:45 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-01-25 23:23:45 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-01-25 23:23:45 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-01-25 23:23:45 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-01-25 23:23:45 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-01-25 23:23:44 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-01-25 23:23:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-01-25 23:23:44 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-01-25 23:22:10 ----D---- C:\Program Files\TmNationsForever
2013-01-25 23:03:35 ----D---- C:\Fraps
2013-01-25 20:19:24 ----D---- C:\Program Files\TrackMania Nations ESWC
2013-01-25 20:13:29 ----D---- C:\Users\AMD\AppData\Roaming\LolClient
2013-01-25 19:48:15 ----D---- C:\Program Files\Common Files\Steam
2013-01-25 19:39:43 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-01-25 19:39:43 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-01-25 19:39:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-01-25 19:39:43 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-01-25 19:39:43 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-01-25 19:35:39 ----D---- C:\Riot Games
2013-01-25 18:47:14 ----A---- C:\Windows\system32\CoInst_071029.dll
2013-01-25 18:47:13 ----A---- C:\Windows\98Setup.exe
2013-01-25 18:47:11 ----D---- C:\Program Files\ANC
2013-01-25 18:47:11 ----A---- C:\Windows\system32\SP7302.ini
2013-01-25 18:47:10 ----D---- C:\Windows\PixArt
2013-01-25 18:47:10 ----D---- C:\Program Files\Common Files\PAC7302
2013-01-25 18:47:10 ----A---- C:\Windows\system32\P7302USD.dll
2013-01-25 18:40:37 ----D---- C:\Program Files\Pando Networks
2013-01-25 18:31:47 ----D---- C:\ProgramData\Sun
2013-01-25 18:31:46 ----D---- C:\Program Files\Common Files\Java
2013-01-25 18:31:42 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-01-25 18:31:42 ----A---- C:\Windows\system32\deployJava1.dll
2013-01-25 18:29:30 ----D---- C:\Users\AMD\AppData\Roaming\.minecraft
2013-01-25 18:18:22 ----D---- C:\Users\AMD\AppData\Roaming\Skype
2013-01-25 18:18:17 ----D---- C:\Program Files\Common Files\Skype
2013-01-25 18:18:15 ----RD---- C:\Program Files\Skype
2013-01-25 18:18:12 ----D---- C:\ProgramData\Skype
2013-01-25 18:04:34 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 1 months======

2013-02-09 15:56:14 ----D---- C:\Windows\Temp
2013-02-09 15:50:40 ----D---- C:\Program Files
2013-02-09 15:34:10 ----D---- C:\Windows\System32
2013-02-09 15:29:43 ----AD---- C:\Windows\system32\drivers
2013-02-09 15:29:03 ----SHD---- C:\System Volume Information
2013-02-09 15:25:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-09 12:29:04 ----D---- C:\Windows\inf
2013-02-09 12:19:24 ----D---- C:\Windows
2013-02-09 12:03:59 ----SHD---- C:\Windows\Installer
2013-02-09 12:01:28 ----D---- C:\Windows\system32\catroot2
2013-02-09 07:57:15 ----D---- C:\Windows\system32\config
2013-02-09 07:57:14 ----D---- C:\Windows\system32\Msdtc
2013-02-09 00:40:15 ----D---- C:\Windows\Microsoft.NET
2013-02-08 23:48:55 ----D---- C:\ProgramData
2013-02-08 23:05:12 ----D---- C:\Windows\SoftwareDistribution
2013-01-29 17:01:58 ----D---- C:\Windows\debug
2013-01-28 20:38:49 ----D---- C:\Windows\Prefetch
2013-01-28 18:32:52 ----SD---- C:\Users\AMD\AppData\Roaming\Microsoft
2013-01-28 16:49:34 ----SD---- C:\ProgramData\Microsoft
2013-01-27 20:52:32 ----D---- C:\Windows\system32\catroot
2013-01-27 19:10:15 ----RSD---- C:\Windows\assembly
2013-01-27 19:08:39 ----D---- C:\Windows\system32\DriverStore
2013-01-27 19:06:51 ----D---- C:\Windows\Tasks
2013-01-27 19:06:51 ----D---- C:\Windows\system32\Tasks
2013-01-27 18:44:58 ----D---- C:\Windows\system32\LogFiles
2013-01-27 18:41:31 ----D---- C:\Users\AMD\AppData\Roaming\Media Player Classic
2013-01-27 18:41:30 ----D---- C:\Windows\Panther
2013-01-27 18:41:29 ----D---- C:\Windows\Minidump
2013-01-27 18:41:29 ----D---- C:\Windows\Logs
2013-01-27 18:09:35 ----HD---- C:\Windows\system32\GroupPolicy
2013-01-27 16:54:27 ----D---- C:\Program Files\InstallShield Installation Information
2013-01-27 16:53:34 ----D---- C:\ProgramData\CyberLink
2013-01-27 16:51:28 ----D---- C:\Program Files\Common Files
2013-01-27 15:52:53 ----D---- C:\Windows\system32\wfp
2013-01-27 15:52:53 ----D---- C:\Windows\system32\wbem
2013-01-27 15:52:51 ----D---- C:\Windows\registration
2013-01-26 14:42:09 ----D---- C:\Program Files\Common Files\ArcSoft
2013-01-26 14:10:11 ----A---- C:\Windows\win.ini
2013-01-26 13:07:24 ----D---- C:\Program Files\Winamp
2013-01-25 20:13:25 ----D---- C:\Users\AMD\AppData\Roaming\Adobe
2013-01-25 18:53:52 ----D---- C:\Windows\twain_32
2013-01-25 18:46:54 ----D---- C:\Program Files\Common Files\InstallShield

Re: PC freezing - Mediafire virus

Posted: 09 Feb 2013 17:03
by vyosek
Hello :)

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY GOOD AT DELETING THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and a possible restart) CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: PC freezing - Mediafire virus

Posted: 09 Feb 2013 20:24
by iEze
Rkill

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/09/2013 07:48:47 PM in x86 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/09/2013 07:49:03 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)



ComboFix

ComboFix 13-02-07.02 - AMD 09.02.2013 20:05:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1431 [GMT 1:00]
Spuštěný z: c:\users\AMD\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AMD\46357865364647353
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AF15BDAEX.dll
.
c:\windows\ehome\McrMgr.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-09 do 2013-02-09 )))))))))))))))))))))))))))))))
.
.
2013-02-09 19:15 . 2013-02-09 19:16 -------- d-----w- c:\users\AMD\AppData\Local\temp
2013-02-09 14:50 . 2013-02-09 15:04 -------- d-----w- c:\program files\trend micro
2013-02-09 14:50 . 2013-02-09 14:50 -------- d-----w- C:\rsit
2013-02-09 14:34 . 2012-02-14 11:49 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2013-02-09 14:34 . 2013-02-09 14:34 -------- d-----w- c:\program files\CPUID
2013-02-09 09:30 . 2013-02-09 09:54 -------- d-----w- c:\program files\SpeedFan
2013-02-09 09:27 . 2013-02-09 09:27 -------- d-----w- C:\found.007
2013-02-08 22:49 . 2013-02-08 22:49 -------- d-----w- c:\users\AMD\AppData\Roaming\Malwarebytes
2013-02-08 22:48 . 2013-02-08 22:48 -------- d-----w- c:\programdata\Malwarebytes
2013-02-08 22:48 . 2013-02-08 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 22:48 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 22:00 . 2013-02-08 22:00 -------- d-----w- C:\found.006
2013-02-06 17:57 . 2013-02-06 17:57 -------- d-----w- c:\users\AMD\AppData\Local\ElevatedDiagnostics
2013-02-06 17:12 . 2013-02-06 17:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-06 17:12 . 2013-02-09 11:03 -------- d-----w- c:\program files\Java
2013-01-29 18:30 . 2013-02-09 18:26 -------- d-----w- c:\users\AMD\AppData\Local\LogMeIn Hamachi
2013-01-29 18:29 . 2013-01-29 18:29 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-01-29 15:55 . 2013-01-29 15:55 -------- d-----w- C:\found.005
2013-01-27 19:54 . 2013-01-27 19:54 -------- d-----w- C:\found.004
2013-01-27 18:10 . 2013-01-27 18:10 -------- d-----w- c:\users\AMD\AppData\Roaming\ATI
2013-01-27 18:10 . 2013-01-27 18:10 -------- d-----w- c:\users\AMD\AppData\Local\ATI
2013-01-27 18:10 . 2013-01-27 18:10 -------- d-----w- c:\programdata\ATI
2013-01-27 18:07 . 2013-01-27 18:10 -------- d-----w- c:\program files\ATI Technologies
2013-01-27 18:07 . 2013-01-27 18:07 -------- d-----w- c:\program files\ATI
2013-01-27 18:07 . 2013-01-27 18:07 -------- d-----w- C:\ATI
2013-01-27 17:58 . 2013-01-27 17:59 -------- d-----w- c:\users\AMD\AppData\Roaming\GetRightToGo
2013-01-27 17:41 . 2013-01-27 17:41 -------- d-----w- c:\users\AMD\AppData\Roaming\Avira
2013-01-27 17:39 . 2013-01-27 17:43 -------- d-----w- c:\program files\CCleaner
2013-01-27 17:36 . 2013-01-27 17:36 -------- d-----w- c:\programdata\Avira
2013-01-27 17:36 . 2013-01-27 17:36 -------- d-----w- c:\program files\Avira
2013-01-27 17:36 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-27 17:36 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-27 17:36 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-27 17:24 . 2013-01-27 17:25 -------- d-----w- c:\programdata\Package Cache
2013-01-27 17:03 . 2013-01-27 17:34 -------- d-----w- c:\programdata\AVAST Software
2013-01-27 17:03 . 2013-01-27 17:18 -------- d-----w- c:\program files\AVAST Software
2013-01-27 16:31 . 2013-01-27 16:31 -------- d-----w- C:\found.003
2013-01-26 14:16 . 2013-01-26 14:29 -------- d-----w- c:\program files\Valve
2013-01-26 10:40 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-26 10:40 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-26 10:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-26 10:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-26 10:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-01-26 10:40 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-26 10:40 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-25 22:03 . 2013-01-25 22:03 -------- d-----w- C:\Fraps
2013-01-25 19:19 . 2013-01-25 19:25 -------- d-----w- c:\program files\TrackMania Nations ESWC
2013-01-25 19:13 . 2013-01-25 19:13 -------- d-----w- c:\users\AMD\AppData\Roaming\LolClient
2013-01-25 18:48 . 2013-01-26 12:03 -------- d-----w- c:\program files\Common Files\Steam
2013-01-25 18:39 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-01-25 18:39 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2013-01-25 18:39 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-01-25 18:39 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-01-25 18:39 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-01-25 18:35 . 2013-01-25 18:35 -------- d-----w- C:\Riot Games
2013-01-25 17:47 . 2007-11-08 09:29 458752 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2013-01-25 17:47 . 2007-11-02 10:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2013-01-25 17:47 . 2000-06-08 16:00 119568 ----a-w- c:\windows\system32\KSPR9dd4.rra
2013-01-25 17:47 . 2004-11-22 12:37 40960 ----a-w- c:\windows\98Setup.exe
2013-01-25 17:47 . 2013-01-25 17:47 -------- d-----w- c:\program files\ANC
2013-01-25 17:47 . 2007-10-30 16:48 129024 ----a-w- c:\windows\system32\SP7302.ax
2013-01-25 17:47 . 2013-01-25 17:47 -------- d-----w- c:\program files\Common Files\PAC7302
2013-01-25 17:47 . 2013-01-25 17:47 -------- d-----w- c:\windows\PixArt
2013-01-25 17:47 . 2006-10-12 10:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2013-01-25 17:46 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-01-25 17:46 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-01-25 17:46 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-01-25 17:46 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-01-25 17:46 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-01-25 17:46 . 2005-11-13 22:16 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-25 17:46 . 2013-01-25 17:46 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-01-25 17:46 . 2013-01-25 17:46 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-01-25 17:40 . 2013-01-27 17:00 -------- d-----w- c:\program files\Pando Networks
2013-01-25 17:40 . 2013-01-25 17:40 -------- d-----w- c:\users\AMD\.swt
2013-01-25 17:31 . 2013-01-25 17:31 -------- d-----w- c:\program files\Common Files\Java
2013-01-25 17:31 . 2013-02-06 17:12 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-25 17:31 . 2013-02-06 17:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-25 17:29 . 2013-02-09 12:37 -------- d-----w- c:\users\AMD\AppData\Roaming\.minecraft
2013-01-25 17:18 . 2013-02-09 19:01 -------- d-----w- c:\users\AMD\AppData\Roaming\Skype
2013-01-25 17:18 . 2013-01-25 17:18 -------- d-----w- c:\program files\Common Files\Skype
2013-01-25 17:18 . 2013-01-25 17:18 -------- d-----r- c:\program files\Skype
2013-01-25 17:18 . 2013-01-25 17:18 -------- d-----w- c:\programdata\Skype
2013-01-25 17:04 . 2013-01-27 17:07 -------- d-----w- c:\users\AMD\AppData\Local\Google
2013-01-25 17:04 . 2013-01-27 17:07 -------- d-----w- c:\program files\Google
2013-01-25 17:04 . 2013-01-25 17:04 -------- d-----w- c:\users\AMD\AppData\Local\Apps
2013-01-25 17:04 . 2013-01-25 17:04 -------- d-----w- c:\users\AMD\AppData\Local\Deployment
2013-01-25 17:01 . 2013-01-25 17:01 -------- d-----w- c:\users\AMD\AppData\Local\ArcSoft
2013-01-25 16:59 . 2013-01-25 16:59 -------- d-----w- c:\users\AMD\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shutTask]
2010-01-05 12:01 110592 ----a-w- c:\program files\IR\shutTask.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 17:09 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 17:04]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-25 17:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-02-09 20:19:55
ComboFix-quarantined-files.txt 2013-02-09 19:19
.
Před spuštěním: Volných bajtů: 120 170 041 344
Po spuštění: Volných bajtů: 120 086 003 712
.
- - End Of File - - 4CADDA6D9EAE952EAE508A2644E66F6E

Re: PC freezing - Mediafire virus

Posted: 09 Feb 2013 23:11
by vyosek
→ Download Host permissions http://www.bleepingcomputer.com/download/hosts-permbat/
  • Save it to the desktop and run it
  • A repair runs; a message about the successful reset of the hosts file permissions appears
  • Press any key to exit
→ Test the following files on VirusTotal https://www.virustotal.com/cs/
  • c:\windows\ehome\McrMgr.exe
  • Click Choose file
  • Do not browse for the file, just paste the path of the file you want to test
  • Click Scan It
  • If a screen like the one below pops up, click ReAnalyse
    Image
  • Paste the result of the analysis here (as a link)
→ Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe and save it to the desktop
  • Paste the script below into the window
  • Code:

    :filefind
    McrMgr.exe
  • Click Look
  • The Look button changes to Scanning and greys out
  • Wait until the Scanning button changes back to Look - that is how you know SystemLook has finished its work
  • A log named SystemLook pops up (or is saved on the desktop); paste its contents here for me

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 13:14
by iEze
VirusTotal

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 13:12 on 10/02/2013 by AMD
Administrator - Elevation successful

========== filefind ==========

Searching for "McrMgr.exe"
C:\Windows\ehome\McrMgr.exe --a---- 313344 bytes [00:41 14/07/2009] [01:14 14/07/2009] 5C89284ACCB74B50928D623A17ABEB01
C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_34003e8d3b4dc79c\McrMgr.exe --a---- 313344 bytes [00:41 14/07/2009] [01:14 14/07/2009] 5C89284ACCB74B50928D623A17ABEB01

-= EOF =-
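As an added example (not part of this thread and not code from SystemLook or any other tool mentioned here), a short Python script that parses SystemLook ":filefind" output like the log above and compares every copy found outside the component store with the copy under C:\Windows\winsxs by size and MD5. The McrMgr.exe lines are taken from the log above; the "example.dll" entries are constructed to show the mismatch case. A live copy matching the WinSxS copy with identical timestamps is consistent with the file being the original Windows component, but it is not on its own proof that the file is clean, which is why a second opinion such as the VirusTotal result requested above is still worth having.

```python
import re

# Sample in SystemLook ":filefind" format. The McrMgr.exe lines are copied
# from the log above; the "example.dll" block is constructed (not from the
# thread) to exercise the mismatch branch.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 13:12 on 10/02/2013 by AMD
Administrator - Elevation successful

========== filefind ==========

Searching for "McrMgr.exe"
C:\Windows\ehome\McrMgr.exe --a---- 313344 bytes [00:41 14/07/2009] [01:14 14/07/2009] 5C89284ACCB74B50928D623A17ABEB01
C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_34003e8d3b4dc79c\McrMgr.exe --a---- 313344 bytes [00:41 14/07/2009] [01:14 14/07/2009] 5C89284ACCB74B50928D623A17ABEB01

Searching for "example.dll"
C:\Windows\system32\example.dll --a---- 4096 bytes [10:00 01/02/2013] [10:00 01/02/2013] 00000000000000000000000000000001
C:\Windows\winsxs\x86_example_deadbeef\example.dll --a---- 4096 bytes [00:41 14/07/2009] [01:14 14/07/2009] 0000000000000000000000000000000A

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, 7-char attribute string, size, created, modified, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return {searched_name: [entry, ...]}; each entry is a dict with
    path, attrs, size, created, modified and upper-case md5."""
    results = {}
    current = None
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name")
            results[current] = []
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            results[current].append({
                "path": m.group("path"),
                "attrs": m.group("attrs"),
                "size": int(m.group("size")),
                "created": m.group("created"),
                "modified": m.group("modified"),
                "md5": m.group("md5").upper(),
            })
    return results


def check_against_winsxs(results):
    """For each searched name, compare every copy outside the component
    store with the copies inside C:\\Windows\\winsxs. Returns
    {name: {live_path: verdict}} with verdict one of
    'matches-store', 'differs-from-store' or 'no-store-copy'."""
    verdicts = {}
    for name, entries in results.items():
        store = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in entries if e not in store]
        store_ids = {(e["size"], e["md5"]) for e in store}
        per_name = {}
        for e in live:
            if not store:
                per_name[e["path"]] = "no-store-copy"
            elif (e["size"], e["md5"]) in store_ids:
                per_name[e["path"]] = "matches-store"
            else:
                per_name[e["path"]] = "differs-from-store"
        verdicts[name] = per_name
    return verdicts


if __name__ == "__main__":
    for name, per_path in check_against_winsxs(parse_filefind(SAMPLE_LOG)).items():
        for path, verdict in per_path.items():
            print(f"{name}: {path} -> {verdict}")
```

Run it on a real SystemLook log by reading the file into `parse_filefind` instead of `SAMPLE_LOG`; a file reported as "differs-from-store" is the one worth uploading for a second opinion first.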

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 17:21
by vyosek
→ If you have not already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::

    Folder::
    C:\found.007
    C:\found.006
    C:\found.005
    C:\found.004
    C:\found.003

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn Hamachi Ui"=-
    "SunJavaUpdateSched"=-

    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    RegLock::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]

    Restore::
    c:\windows\ehome\McrMgr.exe

    ClearJavaCache::

    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the picture below)
    Image
  • After the script is applied (and a possible restart) a log pops up; paste its contents here
→ If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry sorts itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

→ It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
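As an added example (not from this thread and not code from ComboFix), a Python parser for the CFScript format shown above that produces a plain summary of what the script asks ComboFix to do, so it can be reviewed before it is dropped onto the program. The section names and paths are the ones from the post above; the meaning attached to each section in the comments (Folder:: and File:: delete, Registry:: applies .reg-style changes where "name"=- removes a value, RegLock:: resets permissions on the listed keys, Restore:: restores the listed file) is an assumption drawn from the format and the log that follows in the thread, not something the post itself states.

```python
import re

# Constructed copy of the CFScript from the post above (the directives and
# paths are the post's; nothing else is added).
SAMPLE_CFSCRIPT = r"""KillAll::

Folder::
C:\found.007
C:\found.006
C:\found.005
C:\found.004
C:\found.003

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"=-
"SunJavaUpdateSched"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]

Restore::
c:\windows\ehome\McrMgr.exe

ClearJavaCache::

Reboot::
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_DELETE_RE = re.compile(r'^"(?P<value>[^"]+)"=-$')
VALUE_SET_RE = re.compile(r'^"(?P<value>[^"]+)"=(?P<data>.+)$')


def parse_cfscript(text):
    """Split a CFScript into {section: [lines]} in order of appearance.
    Blank lines are dropped; lines before the first 'Name::' header are
    ignored. Sections without a body (KillAll::, Reboot::) map to []."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Interpret a Registry:: block in .reg syntax (assumed semantics):
    '[key]' selects a key, '"name"=-' deletes a value under it and
    '"name"=data' sets one. Deletion is tested first because '"x"=-'
    would otherwise also match the set pattern with data '-'."""
    actions = []
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_DELETE_RE.match(line)
        if m and key:
            actions.append(("delete-value", key, m.group("value")))
            continue
        m = VALUE_SET_RE.match(line)
        if m and key:
            actions.append(("set-value", key, m.group("value"), m.group("data")))
    return actions


def summarize(text):
    """Return a reviewable summary of the script's requested actions."""
    s = parse_cfscript(text)
    return {
        "kill_processes": "KillAll" in s,
        "delete_folders": s.get("Folder", []),
        "delete_files": s.get("File", []),
        "registry": registry_actions(s.get("Registry", [])),
        "unlock_keys": [KEY_RE.match(l).group("key")
                        for l in s.get("RegLock", []) if KEY_RE.match(l)],
        "restore_files": s.get("Restore", []),
        "clear_java_cache": "ClearJavaCache" in s,
        "reboot": "Reboot" in s,
    }


if __name__ == "__main__":
    for action, detail in summarize(SAMPLE_CFSCRIPT).items():
        print(f"{action}: {detail}")
```

Read a real CFScript.txt into `summarize` to get the same listing for it; the point of the check is that every path and registry value the script will touch is spelled out before the tool runs, so a stray entry (a folder you still need, a Run value that belongs to software you use) is caught in the review rather than after the reboot.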

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 18:04
by iEze
After the restart it froze, it says:

"téměř hotovo..toto okno se za malou chvíli zavře.."

The PC clock froze at 17:50.

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 18:06
by vyosek
Give it another 15 minutes, then restart it manually

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 18:21
by iEze
Still frozen; after the restart it stopped at the motherboard screen. (So I have to wait 10 minutes before it gets through again.)

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 18:41
by vyosek
If it happens not to boot, press F8 and choose Last Known Good Configuration

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 19:06
by iEze
F8 and TAB do not work, only DEL into the BIOS works.

Anyway, it has loaded now, the log will be here in a few minutes. :)

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 20:04
by iEze
Sorry for the late message, the freezing was reportedly worse than usual.



ComboFix
ComboFix 13-02-07.02 - AMD 10.02.2013 17:37:41.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1454 [GMT 1:00]
Spuštěný z: C:\Users\AMD\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\AMD\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\found.003
C:\found.003\dir0000.chk\cs-CZ\Help_CValidator.H1D
C:\found.003\dir0000.chk\cs-CZ\Help_MKWD_AssetId.H1W
C:\found.003\dir0000.chk\cs-CZ\Help_MKWD_BestBet.H1W
C:\found.003\dir0000.chk\cs-CZ\Help_MTOC_help.H1H
C:\found.003\dir0000.chk\cs-CZ\Help_MValidator.H1D
C:\found.003\dir0000.chk\cs-CZ\Help_MValidator.Lck
C:\found.003\dir0000.chk\cs-CZ\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_CValidator.H1D
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_MKWD_AssetId.H1W
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_MKWD_BestBet.H1W
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_MTOC_help.H1H
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_MValidator.H1D
C:\found.003\dir0000.chk\cs-CZ_en-US\Help_MValidator.Lck
C:\found.003\dir0000.chk\en-US\Help_MKWD_AssetId.H1W
C:\found.003\dir0000.chk\en-US\Help_MKWD_BestBet.H1W
C:\found.003\dir0000.chk\en-US\Help_MTOC_help.H1H
C:\found.003\dir0000.chk\en-US\Help_MValidator.H1D
C:\found.003\dir0000.chk\en-US\Help_MValidator.Lck
C:\found.003\dir0001.chk\00010003.ci
C:\found.003\dir0001.chk\00010003.dir
C:\found.004
C:\found.004\file0000.chk
C:\found.005
C:\found.005\dir0000.chk\Trace2.fx
C:\found.005\dir0000.chk\Trace3.fx
C:\found.005\dir0000.chk\Trace4.fx
C:\found.005\dir0000.chk\Trace5.fx
C:\found.005\dir0000.chk\Trace6.fx
C:\found.005\dir0001.chk\diagerr.xml
C:\found.005\dir0001.chk\diagwrn.xml
C:\found.005\dir0002.chk\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab
C:\found.005\dir0002.chk\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab
C:\found.005\dir0002.chk\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
C:\found.005\dir0002.chk\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab
C:\found.005\dir0003.chk\.dat
C:\found.005\dir0003.chk\.dat.tmp
C:\found.005\file0000.chk
C:\found.005\file0001.chk
C:\found.006
C:\found.006\dir0000.chk\FontCache-S-1-5-21-3478492508-892579187-4149129625-1000-12288.dat
C:\found.006\dir0000.chk\FontCache-System.dat
C:\found.006\dir0000.chk\lastalive0.dat
C:\found.006\dir0000.chk\lastalive1.dat
C:\found.006\dir0000.chk\Microsoft\Windows\WindowsUpdate.log
C:\found.007
C:\found.007\dir0000.chk\iEze.dat
C:\found.007\dir0000.chk\MSMASTER_ZERO.dat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

c:\windows\ehome\McrMgr.exe . . . je infikován!!


((((((((((((((((((((((((( Soubory vytvořené od 2013-01-10 do 2013-02-10 )))))))))))))))))))))))))))))))


2013-02-10 16:41:26 . 2013-02-10 16:43:03 -------- d-----w- C:\Users\AMD\AppData\Local\temp
2013-02-10 16:41:26 . 2013-02-10 16:41:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-02-10 15:05:17 . 2013-02-10 15:05:17 -------- d-----w- C:\found.010
2013-02-10 14:15:06 . 2013-02-10 14:15:06 -------- d-----w- C:\found.009
2013-02-10 11:52:31 . 2013-02-10 11:52:31 -------- d-----w- C:\Program Files\TeamViewer
2013-02-09 20:09:58 . 2013-02-09 20:09:58 -------- d-----w- C:\found.008
2013-02-09 14:50:40 . 2013-02-09 15:04:43 -------- d-----w- C:\Program Files\trend micro
2013-02-09 14:50:40 . 2013-02-09 14:50:40 -------- d-----w- C:\rsit
2013-02-09 14:34:10 . 2012-02-14 11:49:22 114176 ----a-w- C:\Windows\system32\PCWizard.cpl
2013-02-09 14:34:09 . 2013-02-09 14:34:09 -------- d-----w- C:\Program Files\CPUID
2013-02-09 09:30:57 . 2013-02-09 09:54:12 -------- d-----w- C:\Program Files\SpeedFan
2013-02-08 22:49:30 . 2013-02-08 22:49:30 -------- d-----w- C:\Users\AMD\AppData\Roaming\Malwarebytes
2013-02-08 22:48:55 . 2013-02-08 22:48:55 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-08 22:48:54 . 2013-02-08 22:48:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-08 22:48:54 . 2012-12-14 15:49:28 21104 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-02-06 17:57:39 . 2013-02-06 17:57:39 -------- d-----w- C:\Users\AMD\AppData\Local\ElevatedDiagnostics
2013-02-06 17:12:48 . 2013-02-06 17:12:35 94112 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2013-02-06 17:12:33 . 2013-02-10 13:58:55 -------- d-----w- C:\Program Files\Java
2013-01-29 18:30:09 . 2013-02-10 16:42:53 -------- d-----w- C:\Users\AMD\AppData\Local\LogMeIn Hamachi
2013-01-29 18:29:49 . 2013-01-29 18:29:49 -------- d-----w- C:\Program Files\LogMeIn Hamachi
2013-01-27 18:10:22 . 2013-01-27 18:10:22 -------- d-----w- C:\Users\AMD\AppData\Roaming\ATI
2013-01-27 18:10:22 . 2013-01-27 18:10:22 -------- d-----w- C:\Users\AMD\AppData\Local\ATI
2013-01-27 18:10:22 . 2013-01-27 18:10:22 -------- d-----w- C:\ProgramData\ATI
2013-01-27 18:07:56 . 2013-01-27 18:10:01 -------- d-----w- C:\Program Files\ATI Technologies
2013-01-27 18:07:53 . 2013-01-27 18:07:53 -------- d-----w- C:\Program Files\ATI
2013-01-27 18:07:13 . 2013-01-27 18:07:13 -------- d-----w- C:\ATI
2013-01-27 17:58:14 . 2013-01-27 17:59:01 -------- d-----w- C:\Users\AMD\AppData\Roaming\GetRightToGo
2013-01-27 17:41:56 . 2013-01-27 17:41:56 -------- d-----w- C:\Users\AMD\AppData\Roaming\Avira
2013-01-27 17:39:13 . 2013-01-27 17:43:01 -------- d-----w- C:\Program Files\CCleaner
2013-01-27 17:36:52 . 2013-01-27 17:36:52 -------- d-----w- C:\ProgramData\Avira
2013-01-27 17:36:52 . 2013-01-27 17:36:52 -------- d-----w- C:\Program Files\Avira
2013-01-27 17:36:52 . 2012-11-27 09:01:26 83944 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-01-27 17:36:52 . 2012-11-22 14:51:11 36552 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-01-27 17:36:52 . 2012-11-22 14:50:53 134336 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-01-27 17:24:55 . 2013-01-27 17:25:08 -------- d-----w- C:\ProgramData\Package Cache
2013-01-27 17:03:19 . 2013-01-27 17:34:04 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-27 17:03:19 . 2013-01-27 17:18:59 -------- d-----w- C:\Program Files\AVAST Software
2013-01-26 14:16:30 . 2013-01-26 14:29:26 -------- d-----w- C:\Program Files\Valve
2013-01-26 10:40:52 . 2010-06-02 03:55:30 74072 ----a-w- C:\Windows\system32\XAPOFX1_5.dll
2013-01-26 10:40:52 . 2010-06-02 03:55:30 527192 ----a-w- C:\Windows\system32\XAudio2_7.dll
2013-01-26 10:40:52 . 2010-05-26 10:41:02 2106216 ----a-w- C:\Windows\system32\D3DCompiler_43.dll
2013-01-26 10:40:51 . 2010-05-26 10:41:02 248672 ----a-w- C:\Windows\system32\d3dx11_43.dll
2013-01-26 10:40:51 . 2010-05-26 10:41:02 1998168 ----a-w- C:\Windows\system32\D3DX9_43.dll
2013-01-26 10:40:51 . 2010-02-04 09:01:14 22360 ----a-w- C:\Windows\system32\X3DAudio1_7.dll
2013-01-26 10:40:49 . 2007-04-04 17:53:42 81768 ----a-w- C:\Windows\system32\xinput1_3.dll
2013-01-25 22:03:35 . 2013-01-25 22:03:39 -------- d-----w- C:\Fraps
2013-01-25 19:19:24 . 2013-01-25 19:25:10 -------- d-----w- C:\Program Files\TrackMania Nations ESWC
2013-01-25 19:13:29 . 2013-01-25 19:13:29 -------- d-----w- C:\Users\AMD\AppData\Roaming\LolClient
2013-01-25 18:48:15 . 2013-01-26 12:03:59 -------- d-----w- C:\Program Files\Common Files\Steam
2013-01-25 18:39:43 . 2008-07-31 09:41:52 68616 ----a-w- C:\Windows\system32\XAPOFX1_1.dll
2013-01-25 18:39:43 . 2008-07-31 09:40:32 509448 ----a-w- C:\Windows\system32\XAudio2_2.dll
2013-01-25 18:39:43 . 2008-07-12 07:18:52 467984 ----a-w- C:\Windows\system32\d3dx10_39.dll
2013-01-25 18:39:43 . 2008-07-12 07:18:52 3851784 ----a-w- C:\Windows\system32\D3DX9_39.dll
2013-01-25 18:39:43 . 2008-07-12 07:18:52 1493528 ----a-w- C:\Windows\system32\D3DCompiler_39.dll
2013-01-25 18:35:39 . 2013-01-25 18:35:43 -------- d-----w- C:\Riot Games
2013-01-25 17:47:14 . 2007-11-08 09:29:52 458752 ----a-w- C:\Windows\system32\drivers\PAC7302.SYS
2013-01-25 17:47:14 . 2007-11-02 10:07:32 6656 ----a-w- C:\Windows\system32\CoInst_071029.dll
2013-01-25 17:47:14 . 2000-06-08 16:00:00 119568 ----a-w- C:\Windows\system32\KSPR9dd4.rra
2013-01-25 17:47:13 . 2004-11-22 12:37:38 40960 ----a-w- C:\Windows\98Setup.exe
2013-01-25 17:47:11 . 2013-01-25 17:47:11 -------- d-----w- C:\Program Files\ANC
2013-01-25 17:47:11 . 2007-10-30 16:48:42 129024 ----a-w- C:\Windows\system32\SP7302.ax
2013-01-25 17:47:10 . 2013-01-25 17:47:14 -------- d-----w- C:\Program Files\Common Files\PAC7302
2013-01-25 17:47:10 . 2013-01-25 17:47:10 -------- d-----w- C:\Windows\PixArt
2013-01-25 17:47:10 . 2006-10-12 10:57:32 14336 ----a-w- C:\Windows\system32\P7302USD.dll
2013-01-25 17:46:55 . 2005-11-13 22:22:40 757760 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-01-25 17:46:55 . 2005-11-13 22:22:04 69715 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-01-25 17:46:55 . 2005-11-13 22:21:04 274432 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-01-25 17:46:55 . 2005-11-13 22:20:24 204800 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-01-25 17:46:55 . 2005-11-13 22:19:18 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-01-25 17:46:55 . 2005-11-13 22:16:20 32768 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-25 17:46:54 . 2013-01-25 17:46:54 331908 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-01-25 17:46:54 . 2013-01-25 17:46:54 200836 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-01-25 17:40:37 . 2013-01-27 17:00:09 -------- d-----w- C:\Program Files\Pando Networks
2013-01-25 17:40:31 . 2013-01-25 17:40:31 -------- d-----w- C:\Users\AMD\.swt
2013-01-25 17:31:46 . 2013-01-25 17:31:46 -------- d-----w- C:\Program Files\Common Files\Java
2013-01-25 17:31:42 . 2013-02-06 17:12:34 861088 ----a-w- C:\Windows\system32\npDeployJava1.dll
2013-01-25 17:31:42 . 2013-02-06 17:12:34 782240 ----a-w- C:\Windows\system32\deployJava1.dll
2013-01-25 17:29:30 . 2013-02-09 12:37:09 -------- d-----w- C:\Users\AMD\AppData\Roaming\.minecraft
2013-01-25 17:18:22 . 2013-02-10 16:34:53 -------- d-----w- C:\Users\AMD\AppData\Roaming\Skype
2013-01-25 17:18:17 . 2013-01-25 17:18:17 -------- d-----w- C:\Program Files\Common Files\Skype
2013-01-25 17:18:15 . 2013-01-25 17:18:17 -------- d-----r- C:\Program Files\Skype
2013-01-25 17:18:12 . 2013-01-25 17:18:21 -------- d-----w- C:\ProgramData\Skype
2013-01-25 17:04:34 . 2013-01-27 17:07:09 -------- d-----w- C:\Users\AMD\AppData\Local\Google
2013-01-25 17:04:34 . 2013-01-27 17:07:07 -------- d-----w- C:\Program Files\Google
2013-01-25 17:04:17 . 2013-01-25 17:04:17 -------- d-----w- C:\Users\AMD\AppData\Local\Apps
2013-01-25 17:04:16 . 2013-01-25 17:04:32 -------- d-----w- C:\Users\AMD\AppData\Local\Deployment
2013-01-25 17:01:33 . 2013-01-25 17:01:33 -------- d-----w- C:\Users\AMD\AppData\Local\ArcSoft
2013-01-25 16:59:39 . 2013-01-25 16:59:39 -------- d-----w- C:\Users\AMD\AppData\Local\Programs
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50:28 556648 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 09:10:34 1683360]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 10:01:16 319488]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 14:36:48 384800]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 22:32:54 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shutTask]
2010-01-05 12:01:38 110592 ----a-w- C:\Program Files\IR\shutTask.exe

R3 cpuz135;cpuz135;C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28u.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
S2 TeamViewer8;TeamViewer 8;C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-06 17:09:20 1607120 ----a-w- C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe


------- Supplementary Scan -------

uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.0.1

- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe
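The Run key and the UAC policy block in the ComboFix log above can be checked mechanically rather than by eye. The Python below is an added example (my code, not part of the original post and not ComboFix's own output format handling): it parses the REGEDIT4-style lines ComboFix prints, lists the autostart entries under a CurrentVersion\Run key, and flags UAC policy values that differ from the Windows 7 defaults. The sample text is copied from the log above; the table of expected default values is my assumption and is the only thing the checks are measured against. In this log PromptOnSecureDesktop is 0, which means elevation prompts are drawn on the normal desktop, where other user-mode processes can interact with them, instead of on the dimmed secure desktop.

```python
import re

# Sample input: the Run key and the policies\system block exactly as they
# appear in the ComboFix log above (copied from the thread; the parser is new).
COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 09:10:34 1683360]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 10:01:16 319488]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 14:36:48 384800]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 22:32:54 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')
# ComboFix prints Run values as "path" [mtime size]
RUN_VALUE_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')

# Assumed Windows 7 defaults for the UAC values ComboFix shows under
# policies\system (my table, not something the log states).
UAC_EXPECTED = {
    "PromptOnSecureDesktop": 1,      # 1: prompts are shown on the secure desktop
    "ConsentPromptBehaviorUser": 3,  # 3: standard users are prompted for credentials
    "EnableUIADesktopToggle": 0,     # 0: UIAccess apps cannot toggle the secure desktop
}

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_registry_section(text):
    """Return {key (lower-cased): {value name: raw value text}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("val").strip()
    return keys


def run_entries(keys):
    """(value name, executable path, ComboFix timestamp/size) for every Run entry."""
    out = []
    for key, values in keys.items():
        if not key.endswith(r"\currentversion\run"):
            continue
        for name, val in values.items():
            m = RUN_VALUE_RE.match(val)
            if m:
                out.append((name, m.group("path"), m.group("stamp")))
    return out


def uac_findings(keys):
    """(name, actual, expected) for each UAC value that is not at its assumed default."""
    policy = keys.get(POLICY_KEY, {})
    findings = []
    for name, expected in UAC_EXPECTED.items():
        if name not in policy:
            continue
        actual = int(policy[name].split()[0])  # "0 (0x0)" -> 0
        if actual != expected:
            findings.append((name, actual, expected))
    return findings


if __name__ == "__main__":
    parsed = parse_registry_section(COMBOFIX_SAMPLE)
    for entry in run_entries(parsed):
        print("autostart:", *entry)
    for name, actual, expected in uac_findings(parsed):
        print(f"UAC value changed: {name}={actual} (default {expected})")
```

On the log above this lists the four Run entries and reports only PromptOnSecureDesktop (0 instead of 1); the other two values match the defaults in the table.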

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 20:07
by vyosek
:arrow: CDI, as my colleague asked for
MiliNess wrote: Download CrystalDiskInfo, choose Copy from the Edit menu and paste the clipboard contents here with Ctrl+V.

Re: PC freezing - Mediafire virus

Posted: 10 Feb 2013 20:26
by iEze
Crystal Disk

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition [6.1 Build 7600] (x86)
Date : 2013/02/10 20:26:01

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
- LITE-ON DVDRW SHW-16H5S ATA Device
- ATA Channel 1 (1) [ATA]
+ NVIDIA nForce Serial ATA Controller [ATA]
- SAMSUNG HD502HJ SCSI Disk Device
+ Standard Dual Channel PCI IDE Controller [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- NVIDIA nForce Serial ATA Controller [ATA]
- NVIDIA nForce RAID Class Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500.1 GB [0/3/1, sm]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ10001
Serial Number : S20BJ9CZA23885
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976771055
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 2495 hours
Power On Count : 1007 times
Temperature : 33 C (91 F)
Health Status : Good
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FEFEh [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Read Error Rate
02 252 252 __0 000000000000 Throughput Performance
03 _83 _82 _25 0000000014D3 Spin-Up Time
04 100 100 __0 00000000035C Start/Stop Count
05 252 252 _10 000000000000 Reallocated Sectors Count
07 252 252 _51 000000000000 Seek Error Rate
08 252 252 _15 000000000000 Seek Time Performance
09 100 100 __0 0000000009BF Power-On Hours
0A 252 252 _51 000000000000 Spin Retry Count
0B 252 252 __0 000000000000 Recalibration Retries
0C 100 100 __0 0000000003EF Power Cycle Count
BF 100 100 __0 000000000001 G-Sense Error Rate
C0 252 252 __0 000000000000 Power-off Retract Count
C2 _64 _56 __0 002D000E0021 Temperature
C3 100 100 __0 000000000000 Hardware ECC Recovered
C4 252 252 __0 000000000000 Reallocation Event Count
C5 252 252 __0 000000000000 Current Pending Sector Count
C6 252 252 __0 000000000000 Uncorrectable Sector Count
C7 _56 __1 __0 000000005C70 UltraDMA CRC Error Count
C8 100 100 __0 0000000000E1 Write Error Rate
DF 252 252 __0 000000000000 Load/Unload Retry Count
E1 100 100 __0 0000000003F0 Load/Unload Cycle Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 5332 3042 4A39 435A 4132 3835 3835 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3031 3031 5341 4D53 554E
030: 4720 4844 3530 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 1706 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 BE41 BE41 4123 407F 0025
090: 0025 0000 FFFE 0000 FEFE 0000 0000 0000 0000 0000
100: 57EF 3A38 0000 0000 0000 4000 4000 0000 5002 4E92
110: 03A5 3F95 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 003F 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 62A5
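The S.M.A.R.T. table in the CrystalDiskInfo output above is easier to judge once the raw hexadecimal values are decoded. The Python below is an added example (my code, not from the thread and not CrystalDiskInfo's): it parses the table rows, decodes the raw values, and applies the checks a practitioner runs on such a dump: a normalized value at or below its nonzero threshold, any nonzero reallocated, pending or uncorrectable sector count, and a nonzero UltraDMA CRC error count. The sample rows are a subset of the table above with the attribute names given in English. One assumption is built in: on this Samsung drive the low 16 bits of attribute C2's raw value hold the current temperature (0x21 = 33, matching the "Temperature : 33 C" header line).

```python
import re

# Sample input: rows taken from the CrystalDiskInfo S.M.A.R.T. table above
# (attribute names in English); the parser and the rules are new.
CDI_SMART_SAMPLE = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Read Error Rate
03 _83 _82 _25 0000000014D3 Spin-Up Time
05 252 252 _10 000000000000 Reallocated Sectors Count
09 100 100 __0 0000000009BF Power-On Hours
C2 _64 _56 __0 002D000E0021 Temperature
C4 252 252 __0 000000000000 Reallocation Event Count
C5 252 252 __0 000000000000 Current Pending Sector Count
C6 252 252 __0 000000000000 Uncorrectable Sector Count
C7 _56 __1 __0 000000005C70 UltraDMA CRC Error Count
C8 100 100 __0 0000000000E1 Write Error Rate
"""

# CrystalDiskInfo pads Cur/Wor/Thr to three characters with underscores.
ROW_RE = re.compile(
    r'^(?P<id>[0-9A-F]{2})\s+(?P<cur>[_\d]{3})\s+(?P<wor>[_\d]{3})\s+'
    r'(?P<thr>[_\d]{3})\s+(?P<raw>[0-9A-F]{12})\s+(?P<name>.+)$')

# Attributes whose raw count should be zero on a healthy drive.
SECTOR_ATTRS = {"05", "C4", "C5", "C6"}


def _num(field):
    return int(field.replace("_", ""))


def parse_cdi_smart(text):
    """Return {attribute id: {cur, wor, thr, raw (int), name}}."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header line or anything that is not a table row
        rows[m.group("id")] = {
            "cur": _num(m.group("cur")),
            "wor": _num(m.group("wor")),
            "thr": _num(m.group("thr")),
            "raw": int(m.group("raw"), 16),
            "name": m.group("name").strip(),
        }
    return rows


def smart_findings(rows):
    """(attribute id, description) for every rule that fires."""
    findings = []
    for aid, r in rows.items():
        # A threshold of 0 means the vendor defines no failure point for it.
        if r["thr"] > 0 and r["cur"] <= r["thr"]:
            findings.append((aid, "normalized value at or below threshold"))
        if aid in SECTOR_ATTRS and r["raw"] > 0:
            findings.append((aid, f"{r['raw']} sectors"))
        if aid == "C7" and r["raw"] > 0:
            findings.append((aid, f"{r['raw']} UltraDMA CRC errors (check SATA cable/port)"))
    return findings


def current_temperature(rows):
    """Current temperature in C; assumes the Samsung layout (low word of C2 raw)."""
    return rows["C2"]["raw"] & 0xFFFF


if __name__ == "__main__":
    rows = parse_cdi_smart(CDI_SMART_SAMPLE)
    print("temperature:", current_temperature(rows), "C")
    for aid, what in smart_findings(rows):
        print(f"{aid} {rows[aid]['name']}: {what}")
```

On these rows only one rule fires: C7 has a raw count of 0x5C70 = 23664 UltraDMA CRC errors and a worst normalized value of 1. CRC errors are counted on the link between drive and controller, so a count that high points at the SATA cable, connector or port rather than at the platters, which is consistent with the sector-health attributes all being zero.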

Re: PC freezing - Mediafire virus

Posted: 11 Feb 2013 07:29
by vyosek
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Launch it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has its box ticked
  • Also check whether Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed