
Infection - wuaudit.exe and rundll32.exe

Posted: 28 Aug 2013 18:43
by tejt
Hello,
Please, I have the following problem. I have read through your solutions in previous topics, but I don't really understand them, so I am asking you for advice.
Some intruder got into my PC, and Avast reports it every 5 minutes, but even the online ESET scanner, which supposedly can do the impossible, did not remove it.
Can you help me with it somehow?
Avast reports this:
Objekt: C:\Users\xxx\AppData\Local\Temp\iswizard\wuaudit.exe
Proces: C:\Windows\System32\rundll32.exe

I am attaching the log according to the instructions I found here:

Logfile of random's system information tool 1.09 (written by random/random)
Run by xxx at 2013-08-28 19:14:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 8 GB (15%) free of 52 GB
Total RAM: 3070 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:33, on 28.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Users\xxx\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\xxx\Downloads\RSIT.exe
C:\Program Files\trend micro\xxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303217
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.apsolo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
R3 - URLSearchHook: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~1\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O3 - Toolbar: (no name) - {5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\xxx\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare Ultimate] "C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ConduitFloatingPlugin_ghgmnfeamobhjmillnanbfhmkoeodooi] "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3303217\plugins\TBVerifier.dll",RunConduitFloatingPlugin ghgmnfeamobhjmillnanbfhmkoeodooi
O4 - HKCU\..\Run: [tsiVideo] rundll32.exe C:\Users\xxx\AppData\Local\Temp\\tsiVi432.dll,start
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EB6F412-01C8-1B58-4AD6-4B242C0EE614}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CCCE1F-7DBA-45BC-B65C-6DE8A2A0C4B6}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{4EB6F412-01C8-1B58-4AD6-4B242C0EE614}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{4EB6F412-01C8-1B58-4AD6-4B242C0EE614}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare Ultimate\ascsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AdvancedSystemCareAntivirus (ASCAntivirusSrv) - IOBit - C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files\SearchProtect\bin\CltMngSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 9627 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job
C:\Windows\tasks\Driver Booster Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegClean Pro_DEFAULT.job
C:\Windows\tasks\RegClean Pro_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06 540328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
AccelerateTab - C:\PROGRA~1\SECURE~1\IE\SPEEDD~1.DLL [2013-08-16 991056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-15 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL [2012-12-10 655744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-15 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
{5BFEFF94-6411-4B74-A947-4969134B24DE}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"IObit Malware Fighter"=C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2013-08-16 1549120]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-07-05 1303360]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2013-05-21 11947080]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"=C:\Users\xxx\AppData\Roaming\Search Protection\SearchProtection.EXE [2013-05-22 740712]
"Advanced SystemCare Ultimate"=C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe [2012-11-07 512384]
"ConduitFloatingPlugin_ghgmnfeamobhjmillnanbfhmkoeodooi"=C:\Program Files\Conduit\CT3303217\plugins\TBVerifier.dll [1617-11-28 287008]
"tsiVideo"=C:\Users\xxx\AppData\Local\Temp\\tsiVi432.dll,start []
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2012-07-14 1841264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\asc.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverbooster.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offdiag.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realconverter.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realplay.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realtrimmer.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rnxproc.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartdefrag.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suc10_uninstal.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\transformer.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 month======

2013-08-28 19:14:18 ----D---- C:\rsit
2013-08-28 19:14:18 ----D---- C:\Program Files\trend micro
2013-08-28 12:23:40 ----D---- C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-28 11:42:33 ----D---- C:\Program Files\T-Mobile
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-08-28 11:42:12 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-08-27 13:47:37 ----D---- C:\Program Files\Freedom Download Manager
2013-08-27 12:41:50 ----D---- C:\Users\xxx\AppData\Roaming\GHISLER
2013-08-27 12:41:50 ----D---- C:\totalcmd
2013-08-25 12:58:23 ----D---- C:\Users\xxx\AppData\Roaming\PSpad
2013-08-25 11:00:27 ----D---- C:\ProgramData\IsolatedStorage
2013-08-25 11:00:26 ----D---- C:\Users\xxx\AppData\Roaming\IsolatedStorage
2013-08-25 10:59:11 ----D---- C:\Users\xxx\AppData\Roaming\Solvusoft
2013-08-25 10:59:08 ----A---- C:\Windows\system32\roboot.exe
2013-08-25 10:58:08 ----D---- C:\Spacekace
2013-08-22 10:39:05 ----D---- C:\Users\xxx\AppData\Roaming\TechSmith
2013-08-22 10:36:49 ----D---- C:\ProgramData\regid.1995-08.com.techsmith
2013-08-22 10:36:47 ----D---- C:\Program Files\QuickTime
2013-08-22 10:36:34 ----D---- C:\Program Files\Common Files\TechSmith Shared
2013-08-22 10:36:15 ----D---- C:\ProgramData\TechSmith
2013-08-22 10:36:15 ----D---- C:\Program Files\TechSmith
2013-08-21 21:20:43 ----D---- C:\Program Files\FreeTime
2013-08-21 20:56:23 ----D---- C:\ProgramData\Freemake
2013-08-21 20:55:56 ----D---- C:\Program Files\Freemake
2013-08-19 22:19:21 ----D---- C:\Users\xxx\AppData\Roaming\T-Mobile
2013-08-19 09:49:52 ----D---- C:\ProgramData\Gemfor
2013-08-19 09:45:29 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2013-08-19 09:45:29 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-19 09:45:08 ----D---- C:\Program Files\Huawei
2013-08-17 07:12:09 ----D---- C:\Users\xxx\AppData\Roaming\stetic
2013-08-17 07:11:59 ----D---- C:\Users\xxx\AppData\Roaming\MonoDevelop-Unity-2.8
2013-08-17 07:00:36 ----D---- C:\Program Files\qwined.org
2013-08-14 23:54:51 ----A---- C:\Windows\system32\jscript.dll
2013-08-14 23:54:49 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-14 23:54:49 ----A---- C:\Windows\system32\jscript9.dll
2013-08-14 23:54:48 ----A---- C:\Windows\system32\ieui.dll
2013-08-14 23:54:48 ----A---- C:\Windows\system32\iesetup.dll
2013-08-14 23:54:47 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-14 23:54:47 ----A---- C:\Windows\system32\iernonce.dll
2013-08-14 23:54:47 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-14 23:54:46 ----A---- C:\Windows\system32\urlmon.dll
2013-08-14 23:54:46 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:54:46 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-14 23:54:45 ----A---- C:\Windows\system32\iertutil.dll
2013-08-14 23:54:43 ----A---- C:\Windows\system32\wininet.dll
2013-08-14 23:54:40 ----A---- C:\Windows\system32\ieframe.dll
2013-08-14 23:54:38 ----A---- C:\Windows\system32\mshtml.dll
2013-08-14 19:46:32 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-14 19:46:21 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-14 19:46:19 ----A---- C:\Windows\system32\wintrust.dll
2013-08-14 19:46:19 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-14 19:46:19 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-14 19:46:19 ----A---- C:\Windows\system32\crypt32.dll
2013-08-14 19:46:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-14 19:46:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-08-14 19:46:14 ----A---- C:\Windows\system32\ntdll.dll
2013-08-14 19:46:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-08-14 19:43:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:40:24 ----A---- C:\Windows\system32\tzres.dll
2013-08-14 18:42:01 ----D---- C:\Users\xxx\AppData\Roaming\Fighters
2013-08-14 18:41:12 ----D---- C:\ProgramData\Fighters
2013-08-14 17:35:02 ----D---- C:\Users\xxx\AppData\Roaming\Blueberry
2013-08-14 17:34:45 ----D---- C:\Users\xxx\AppData\Roaming\LogSys
2013-08-14 17:34:43 ----D---- C:\ProgramData\LogSys
2013-08-14 07:34:53 ----D---- C:\Program Files\Seznam.cz
2013-08-14 07:31:22 ----D---- C:\Users\xxx\AppData\Roaming\SMRecorder
2013-08-14 07:29:30 ----A---- C:\Users\xxx\AppData\Roaming\CamShapes.ini
2013-08-14 07:29:30 ----A---- C:\Users\xxx\AppData\Roaming\CamLayout.ini
2013-08-14 07:29:30 ----A---- C:\Users\xxx\AppData\Roaming\Camdata.ini
2013-08-12 21:21:26 ----D---- C:\Program Files\Common Files\Apple
2013-08-12 21:21:16 ----D---- C:\ProgramData\Apple
2013-08-12 21:21:16 ----D---- C:\Program Files\Apple Software Update
2013-08-10 17:22:38 ----D---- C:\ProgramData\MetaQuotes
2013-08-09 22:59:46 ----D---- C:\Windows\system32\MRT
2013-08-07 20:51:44 ----D---- C:\ProgramData\MGS
2013-08-07 20:51:44 ----D---- C:\Microgaming
2013-08-07 12:53:54 ----D---- C:\Windows\system32\Adobe
2013-08-06 13:05:25 ----D---- C:\Program Files\MAXON
2013-08-06 10:10:54 ----D---- C:\Program Files\Unity
2013-08-02 10:56:33 ----D---- C:\ProgramData\Bitstream
2013-07-31 21:40:20 ----D---- C:\ProgramData\Stardock
2013-07-31 19:50:17 ----D---- C:\Users\xxx\AppData\Roaming\Rainmeter
2013-07-31 19:50:13 ----D---- C:\Program Files\Rainmeter
2013-07-31 17:36:48 ----D---- C:\ProgramData\Package Cache
2013-07-31 16:07:35 ----D---- C:\Program Files\Regino v5.0
2013-07-30 18:19:38 ----D---- C:\Users\xxx\AppData\Roaming\Unity
2013-07-30 17:32:55 ----D---- C:\ProgramData\Unity
2013-07-30 14:34:02 ----D---- C:\Users\xxx\AppData\Roaming\NewSoft

======List of files/folders modified in the last 1 month======

2013-08-28 19:14:31 ----D---- C:\Windows\Prefetch
2013-08-28 19:14:23 ----D---- C:\Windows\Temp
2013-08-28 19:14:18 ----RD---- C:\Program Files
2013-08-28 17:46:03 ----D---- C:\ProgramData\SEarch-NNewiTeaub
2013-08-28 17:46:03 ----D---- C:\ProgramData\BrOwwsae2saevEe
2013-08-28 16:30:02 ----D---- C:\Windows\system32\config
2013-08-28 13:10:25 ----D---- C:\Users\xxx\AppData\Roaming\MAXON
2013-08-28 12:23:43 ----A---- C:\Windows\win.ini
2013-08-28 12:23:40 ----HD---- C:\ProgramData
2013-08-28 12:23:18 ----D---- C:\Windows
2013-08-28 11:53:01 ----D---- C:\Windows\system32\NDF
2013-08-28 11:44:07 ----D---- C:\Windows\System32
2013-08-28 11:44:07 ----D---- C:\Windows\inf
2013-08-28 11:44:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-28 11:42:12 ----D---- C:\Windows\system32\DriverStore
2013-08-28 11:42:12 ----D---- C:\Windows\system32\drivers
2013-08-28 11:42:12 ----D---- C:\Windows\system32\catroot
2013-08-28 08:00:11 ----D---- C:\Windows\system32\RTCOM
2013-08-28 07:58:26 ----D---- C:\Users\xxx\AppData\Roaming\uTorrent
2013-08-28 07:57:18 ----D---- C:\Windows\debug
2013-08-27 13:46:42 ----D---- C:\Users\xxx\AppData\Roaming\SearchProtect
2013-08-27 13:46:37 ----D---- C:\Program Files\Conduit
2013-08-27 11:41:14 ----D---- C:\Users\xxx\AppData\Roaming\Seznam.cz
2013-08-27 11:31:34 ----SHD---- C:\System Volume Information
2013-08-27 11:10:30 ----D---- C:\Program Files\Secure Speed Dial
2013-08-27 11:02:09 ----SHD---- C:\Windows\Installer
2013-08-26 06:59:09 ----D---- C:\Windows\system32\catroot2
2013-08-25 13:17:23 ----D---- C:\Windows\system32\Tasks
2013-08-25 13:17:21 ----D---- C:\Windows\Tasks
2013-08-22 10:56:42 ----D---- C:\Windows\system32\wdi
2013-08-22 10:36:34 ----D---- C:\Program Files\Common Files
2013-08-21 20:55:56 ----D---- C:\Users\xxx\AppData\Roaming\OpenCandy
2013-08-21 20:49:32 ----SD---- C:\Users\xxx\AppData\Roaming\Microsoft
2013-08-21 10:03:10 ----A---- C:\Windows\system32\sqlite3.dll
2013-08-19 09:47:10 ----D---- C:\Windows\ModemLogs
2013-08-17 07:00:52 ----D---- C:\Windows\winsxs
2013-08-17 06:59:40 ----D---- C:\Windows\Downloaded Installations
2013-08-16 20:27:00 ----D---- C:\Windows\Microsoft.NET
2013-08-16 20:26:18 ----RSD---- C:\Windows\assembly
2013-08-15 21:45:54 ----SD---- C:\ProgramData\Microsoft
2013-08-15 12:44:44 ----D---- C:\Windows\rescache
2013-08-15 10:38:27 ----D---- C:\ProgramData\Google
2013-08-15 10:38:27 ----D---- C:\Program Files\Google
2013-08-15 06:17:49 ----D---- C:\Windows\system32\cs-CZ
2013-08-15 06:17:47 ----D---- C:\Program Files\Internet Explorer
2013-08-15 00:00:29 ----A---- C:\Windows\system32\MRT.exe
2013-08-15 00:00:09 ----D---- C:\ProgramData\Microsoft Help
2013-08-14 19:27:56 ----RSD---- C:\Windows\Fonts
2013-08-14 17:34:43 ----D---- C:\Windows\Help
2013-08-13 08:48:34 ----D---- C:\Users\xxx\AppData\Roaming\Apple Computer
2013-08-12 10:24:41 ----D---- C:\Users\xxx\AppData\Roaming\Systweak
2013-08-11 14:01:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-08-10 16:04:37 ----D---- C:\Users\xxx\AppData\Roaming\Canon
2013-08-10 16:03:31 ----D---- C:\Windows\system32\FxsTmp
2013-08-06 12:59:21 ----D---- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
2013-08-05 22:31:03 ----D---- C:\Users\xxx\AppData\Roaming\vlc
2013-08-02 17:19:06 ----D---- C:\Users\xxx\AppData\Roaming\Audacity
2013-08-02 14:11:31 ----D---- C:\Program Files\Smith Micro
2013-08-02 14:08:14 ----D---- C:\Users\xxx\AppData\Roaming\Poser Pro
2013-07-31 16:07:48 ----A---- C:\Windows\system.ini
2013-07-30 14:47:56 ----D---- C:\Windows\Logs
2013-07-30 09:05:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-07-29 22:04:05 ----D---- C:\Users\xxx\AppData\Roaming\dvdcss
2013-07-29 11:27:10 ----D---- C:\ProgramData\Razer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-15 175176]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-05-02 466008]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 61680]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-15 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-15 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-11 242240]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
R3 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2013-03-23 21480]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
R3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 202752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2013-05-21 2666248]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2013-03-26 31752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
R3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2013-03-26 20944]
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-08-20 6144]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 DFX11_1;DFX Audio Enhancer 11.1; C:\Windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-07-21 14848]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-07-21 49664]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\Windows\system32\drivers\WinRing0_1_2_0.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-12-13 1051088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus; C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [2013-07-08 623936]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CltMngSvc;Search Protect by Conduit Updater; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [2013-05-08 97056]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-08-22 101888]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2013-04-25 335168]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-31 1724192]
R2 WTService;WTService; C:\Windows\system32\atwtusb.exe [2010-04-13 519912]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-12 136176]
S2 SecureUpdateSvc;SecureUpdate; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2013-08-21 2460496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-13 647680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S4 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
S4 AppHostSvc;Pomocná služba hostitele aplikace; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-07-05 807800]
S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 W3SVC;Služba Publikování na webu; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 28 Aug 2013 19:38
by vyosek
Hello :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected, it may take longer
  • After the scan finishes and a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed guide including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 09:09
by tejt
Hello, and thank you very much for your reply, and above all for the advice. :)
This morning when starting the PC, it reported that the file C:\...AppData\Local\Temp\tsiVi432.dll could not be found. I don't know whether this is related to why I contacted you, but I figured you had better know about it.
I also ran RKill from the other link, because although it reported "Rkill finished", it looked like an error window, so I'm not sure. The message was always the same. To be safe, I always renamed the text file (log). I figured it might create a file (report) with the same name and the two would conflict with each other.
I ran ComboFix, but I couldn't stop Advanced SystemCare, so I uninstalled it. I also uninstalled IObit Malware, which I read is worthless. Hopefully my buddy will give me the Advanced SystemCare key again, that is, if you recommend it.
ComboFix also restarted the whole PC (on this system start the PC no longer reported that "tsiVi432.dll" was not found), so I'm not sure whether that somehow affects RKill as well.

RKill log:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2013 08:38:42 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 08/29/2013 08:38:58 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

ComboFix log:

ComboFix 13-08-29.01 - xxx 29.08.2013 9:31.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3070.2058 [GMT 2:00]
Spuštěný z: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BrOwwsae2saevEe
c:\programdata\BrOwwsae2saevEe\5148ff8928a8e.tlb
c:\programdata\SEarch-NNewiTeaub
c:\programdata\SEarch-NNewiTeaub\5148ffb58df62.tlb
c:\programdata\SEarch-NNewiTeaub\settings.ini
c:\users\xxx\AppData\Roaming\SearchProtect
c:\users\xxx\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\xxx\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\xxx\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\initData.ch
c:\users\xxx\AppData\Roaming\SearchProtect\bin\initData.ie
c:\users\xxx\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\xxx\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\xxx\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\xxx\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\xxx\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\xxx\AppData\Roaming\SearchProtect\Res\SPSetup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-29 )))))))))))))))))))))))))))))))
.
.
2013-08-29 07:40 . 2013-08-29 07:43 -------- d-----w- c:\users\xxx\AppData\Local\temp
2013-08-29 06:26 . 2013-08-29 06:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BCE564D-DE92-470B-B8CB-62820D3B29E0}\offreg.dll
2013-08-28 17:14 . 2013-08-28 17:49 -------- d-----w- C:\rsit
2013-08-28 17:14 . 2013-08-28 17:14 -------- d-----w- c:\program files\trend micro
2013-08-27 13:18 . 2013-08-27 13:18 -------- d-----w- c:\users\xxx\Kuroyume
2013-08-27 11:47 . 2013-08-27 11:48 -------- d-----w- c:\program files\Freedom Download Manager
2013-08-27 10:51 . 2013-08-27 10:51 -------- d-----w- c:\users\xxx\AppData\Local\GHISLER
2013-08-27 10:41 . 2013-08-27 10:48 -------- d-----w- C:\totalcmd
2013-08-27 10:41 . 2013-08-27 10:41 -------- d-----w- c:\users\xxx\AppData\Roaming\GHISLER
2013-08-27 07:48 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BCE564D-DE92-470B-B8CB-62820D3B29E0}\mpengine.dll
2013-08-26 05:41 . 2013-08-26 05:41 -------- d-----w- c:\users\xxx\AppData\Local\gtk-2.0
2013-08-25 10:58 . 2013-08-25 10:58 -------- d-----w- c:\users\xxx\AppData\Roaming\PSpad
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\users\xxx\AppData\Local\FileViewPro
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\programdata\IsolatedStorage
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\users\xxx\AppData\Roaming\IsolatedStorage
2013-08-25 08:59 . 2013-08-25 11:17 -------- d-----w- c:\users\xxx\AppData\Roaming\Solvusoft
2013-08-25 08:59 . 2012-10-15 15:02 17840 ----a-w- c:\windows\system32\roboot.exe
2013-08-25 08:58 . 2013-08-27 09:41 -------- d-----w- C:\Spacekace
2013-08-25 08:53 . 2013-08-25 08:53 -------- d-----w- c:\users\xxx\.idlerc
2013-08-22 08:50 . 2013-08-22 08:50 -------- d-----w- c:\users\xxx\AppData\Local\TechSmith
2013-08-22 08:39 . 2013-08-22 08:39 -------- d-----w- c:\users\xxx\AppData\Roaming\TechSmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\QuickTime
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\programdata\TechSmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\TechSmith
2013-08-21 19:20 . 2013-08-21 19:20 -------- d-----w- c:\program files\FreeTime
2013-08-21 19:02 . 2013-08-21 19:12 -------- d-----w- c:\users\xxx\AppData\Local\WMTools Downloaded Files
2013-08-21 18:57 . 2013-08-21 18:57 -------- d-----w- c:\users\xxx\AppData\Local\FreemakeVideoConverter
2013-08-21 18:56 . 2013-08-21 18:57 -------- d-----w- c:\programdata\Freemake
2013-08-21 18:55 . 2013-08-21 18:56 -------- d-----w- c:\program files\Freemake
2013-08-19 20:19 . 2013-08-19 20:19 -------- d-----w- c:\users\xxx\AppData\Roaming\T-Mobile
2013-08-19 19:30 . 2013-08-19 19:49 -------- d-----w- c:\users\xxx\.android
2013-08-19 07:49 . 2013-08-19 07:49 -------- d-----w- c:\programdata\Gemfor
2013-08-19 07:45 . 2011-08-16 14:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 07:45 . 2011-08-16 14:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-19 07:45 . 2013-08-19 07:45 -------- d-----w- c:\program files\Huawei
2013-08-17 05:12 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Roaming\stetic
2013-08-17 05:11 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Roaming\MonoDevelop-Unity-2.8
2013-08-17 05:11 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Local\MonoDevelop-Unity-2.8
2013-08-17 05:00 . 2013-08-17 05:00 -------- d-----w- c:\program files\qwined.org
2013-08-14 17:46 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 17:46 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 17:46 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 17:46 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 17:46 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:46 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 17:46 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 17:46 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 17:46 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 17:46 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 17:43 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 17:40 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 16:42 . 2013-08-14 16:42 -------- d-----w- c:\users\xxx\AppData\Roaming\Fighters
2013-08-14 16:41 . 2013-08-14 16:42 -------- d-----w- c:\programdata\Fighters
2013-08-14 15:35 . 2013-08-14 16:20 -------- d-----w- c:\users\xxx\AppData\Roaming\Blueberry
2013-08-14 15:34 . 2013-08-14 15:35 -------- d-----w- c:\users\xxx\AppData\Roaming\LogSys
2013-08-14 15:34 . 2013-08-14 15:34 -------- d-----w- c:\programdata\LogSys
2013-08-14 05:34 . 2013-08-14 05:34 -------- d-----w- c:\users\xxx\AppData\Local\Application Data
2013-08-14 05:34 . 2013-08-14 16:46 -------- d-----w- c:\program files\Seznam.cz
2013-08-14 05:31 . 2013-08-14 05:31 -------- d-----w- c:\users\xxx\AppData\Roaming\SMRecorder
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\program files\Common Files\Apple
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\users\xxx\AppData\Local\Apple
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\program files\Apple Software Update
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\programdata\Apple
2013-08-10 15:22 . 2013-08-10 15:22 -------- d-----w- c:\programdata\MetaQuotes
2013-08-09 20:59 . 2013-08-14 22:03 -------- d-----w- c:\windows\system32\MRT
2013-08-07 18:51 . 2013-08-08 09:49 -------- d-----w- c:\programdata\MGS
2013-08-07 18:51 . 2013-08-07 18:51 -------- d-----w- C:\Microgaming
2013-08-07 16:45 . 2013-08-07 16:45 -------- d-----w- c:\users\xxx\AppData\Local\{1F162E48-FB46-4E05-BA2F-175D314AA82A}
2013-08-07 10:53 . 2013-08-07 10:53 -------- d-----w- c:\windows\system32\Adobe
2013-08-06 11:05 . 2013-08-13 16:25 -------- d-----w- c:\program files\MAXON
2013-08-06 08:10 . 2013-08-06 08:16 -------- d-----w- c:\program files\Unity
2013-08-02 08:56 . 2013-08-02 08:56 -------- d-----w- c:\programdata\Bitstream
2013-07-31 19:40 . 2013-07-31 19:40 -------- d-----w- c:\users\xxx\AppData\Local\Stardock
2013-07-31 19:40 . 2013-07-31 19:40 -------- d-----w- c:\programdata\Stardock
2013-07-31 17:50 . 2013-08-02 06:35 -------- d-----w- c:\users\xxx\AppData\Roaming\Rainmeter
2013-07-31 17:50 . 2013-07-31 17:50 -------- d-----w- c:\program files\Rainmeter
2013-07-31 15:36 . 2013-08-27 09:02 -------- d-----w- c:\programdata\Package Cache
2013-07-31 14:13 . 2013-07-31 14:13 -------- d-----w- c:\users\xxx\AppData\Local\Frameworkx.com
2013-07-31 14:07 . 2013-07-31 14:07 -------- d-----w- c:\program files\Regino v5.0
2013-07-30 16:19 . 2013-08-21 06:06 -------- d-----w- c:\users\xxx\AppData\Roaming\Unity
2013-07-30 16:01 . 2013-08-27 10:23 -------- d-----w- c:\users\xxx\AppData\Local\ElevatedDiagnostics
2013-07-30 15:36 . 2013-07-30 15:36 -------- d-----w- c:\users\xxx\AppData\Local\Apple Computer
2013-07-30 15:32 . 2013-08-19 18:49 -------- d-----w- c:\programdata\Unity
2013-07-30 15:32 . 2013-08-06 08:16 -------- d-----w- c:\users\xxx\AppData\Local\Unity
2013-07-30 12:34 . 2013-07-30 12:34 -------- d-----w- c:\users\xxx\AppData\Roaming\NewSoft
2013-07-30 12:33 . 2013-07-30 12:33 -------- d-----w- c:\users\xxx\AppData\Local\NewSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 08:03 . 2013-07-28 12:19 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-07-30 07:05 . 2013-03-12 08:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-30 07:05 . 2013-03-12 08:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-21 07:43 . 2013-07-21 07:43 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-07-21 07:43 . 2013-07-21 07:43 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-07-21 07:43 . 2013-07-21 07:43 4916224 ----a-w- c:\windows\system32\mstscax.dll
2013-07-21 07:43 . 2013-07-21 07:43 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-07-21 07:43 . 2013-07-21 07:43 37376 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-21 07:43 . 2013-07-21 07:43 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-07-21 07:43 . 2013-07-21 07:43 317440 ----a-w- c:\windows\system32\wksprt.exe
2013-07-21 07:43 . 2013-07-21 07:43 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-21 07:43 . 2013-07-21 07:43 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2013-07-21 07:43 . 2013-07-21 07:43 269312 ----a-w- c:\windows\system32\aaclient.dll
2013-07-21 07:43 . 2013-07-21 07:43 221184 ----a-w- c:\windows\system32\rdpudd.dll
2013-07-21 07:43 . 2013-07-21 07:43 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-07-21 07:43 . 2013-07-21 07:43 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2013-07-21 07:43 . 2013-07-21 07:43 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-07-21 07:43 . 2013-07-21 07:43 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-21 07:43 . 2013-07-21 07:43 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-07-21 07:43 . 2013-07-21 07:43 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-21 07:43 . 2013-07-21 07:43 1048064 ----a-w- c:\windows\system32\mstsc.exe
2013-07-21 07:42 . 2013-07-21 07:42 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-21 07:42 . 2013-07-21 07:42 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-21 07:42 . 2013-07-21 07:42 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-21 07:42 . 2013-07-21 07:42 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-21 07:41 . 2013-07-21 07:41 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-15 11:35 . 2013-07-15 11:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:35 . 2013-03-21 21:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-15 11:35 . 2013-03-21 21:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-15 10:58 . 2013-07-15 10:58 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-15 10:58 . 2013-07-15 10:58 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-15 10:58 . 2013-07-15 10:58 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-17 08:10 . 2013-06-17 08:10 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2013-06-05 03:05 . 2013-07-10 11:49 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 11:49 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"="c:\users\xxx\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-05-22 740712]
"ConduitFloatingPlugin_ghgmnfeamobhjmillnanbfhmkoeodooi"="c:\program files\Conduit\CT3303217\plugins\TBVerifier.dll" [1617-11-28 287008]
"T-Mobile CManager"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-07-14 1841264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-07-05 1303360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-05-21 11947080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-7-21 37048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"SearchProtect"=c:\users\xxx\AppData\Roaming\SearchProtect\bin\cltmng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"SearchProtectAll"=c:\program files\SearchProtect\bin\cltmng.exe
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 SecureUpdateSvc;SecureUpdate;c:\program files\Secure Speed Dial\IE\SecureUpdate.exe [2013-08-21 2460496]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-07-21 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-07-21 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2013-07-05 807800]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [2013-05-08 97056]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-08-22 101888]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-31 1724192]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2010-04-13 519912]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-11 242240]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 202752]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-21 16:38 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 07:05]
.
2013-08-29 c:\windows\Tasks\AmiUpdXp.job
- c:\users\xxx\AppData\Local\SwvUpdater\Updater.exe [2013-05-04 10:01]
.
2013-08-27 c:\windows\Tasks\Driver Booster Startup.job
- c:\program files\IObit\Driver Booster\DriverBooster.exe [2013-07-28 16:11]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 12:07]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 12:07]
.
2013-08-28 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-07-28 12:14]
.
2013-08-28 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-07-28 12:14]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN31564753502410478&UM=2&ctid=CT3303217
mStart Page = hxxp://google.apsolo.com
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Toolbar-{5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-08-29 09:46:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-29 07:46
.
Pre-Run: 7 779 807 232
Post-Run: 7 634 100 224
.
- - End Of File - - C25E6A025DF59393EBA2027B2E8DEC70
A36C5E4F47E84449FF07ED3517B43A31

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 09:24
by vyosek
:arrow: Advanced SystemCare 5 and IObit Malware Fighter, and along with them everything from IObit - they are Chinese junk and do more harm than good. They look for nonsensical, non-existent problems, and they stole their malware database from another reputable company. Don't put them back on the PC.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear; otherwise it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 09:47
by tejt
Done, and I'm attaching the log. :)
I'd like to ask what you would recommend for cleaning and speeding up the PC, and possibly an antivirus as well.

Log from AdwCleaner:

# AdwCleaner v3.001 - Report created 29/08/2013 at 10:40:11
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : xxx - XXX-PC
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\xxx\AppData\Local\Conduit
Folder Deleted : C:\Users\xxx\AppData\Local\cre
Folder Deleted : C:\Users\xxx\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\xxx\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\xxx\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\xxx\AppData\Roaming\Babylon
Folder Deleted : C:\Users\xxx\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\xxx\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\xxx\AppData\Roaming\search protection
Folder Deleted : C:\Users\xxx\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A43DB35-997F-4334-8279-C74AAC455941}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A43DB35-997F-4334-8279-C74AAC455941}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74128530-3D41-4D73-951E-708EDD2078FC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74128530-3D41-4D73-951E-708EDD2078FC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28A7F121-922E-407B-ACFD-0F407F3B033F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28A7F121-922E-407B-ACFD-0F407F3B033F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_ghgmnfeamobhjmillnanbfhmkoeodooi]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6096 octets] - [29/08/2013 10:39:14]
AdwCleaner[S0].txt - [6118 octets] - [29/08/2013 10:40:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6178 octets] ##########

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 09:49
by vyosek
:arrow: For an antivirus I recommend Avast Free. For PC maintenance, CCleaner+Defraggler

:arrow: Please post a DDS log http://forum.viry.cz/viewtopic.php?f=13&t=125171

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 10:21
by tejt
I do have Avast Free, and I've heard that CCleaner isn't very good, but I'll take your word for it. I'd rather be advised by people who work with this than by someone who "just hangs around it". :) :D

DDS :

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by xxx at 11:15:09 on 2013-08-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3070.2197 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k MbnExt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://google.apsolo.com
mWindow Title = Microsoft Internet Explorer
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SearchProtection] "c:\users\xxx\appdata\roaming\search protection\SearchProtection.EXE" /autostart
uRun: [T-Mobile CManager] "c:\program files\t-mobile\web'n'walk manager\Manager.exe" -autorun
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\xxx\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{4EB6F412-01C8-1B58-4AD6-4B242C0EE614} : NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{59CCCE1F-7DBA-45BC-B65C-6DE8A2A0C4B6} : NameServer =
TCP: Interfaces\{EB6A1488-3FA0-4333-A0C5-FD040CD14269} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F057984F-B14D-44D6-BD4C-E4AD4538EF7F} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-15 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-15 175176]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-7-21 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-15 369584]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-15 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-15 46808]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-8-21 101888]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe -k MbnExt [2009-7-14 20992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2013\TuneUpUtilitiesService32.exe [2013-1-31 1724192]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-11 242240]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-8-28 11136]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2008-9-22 43520]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-8-28 95616]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-8-28 76544]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-8-28 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2013-8-28 202752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SecureUpdateSvc;SecureUpdate;c:\program files\secure speed dial\ie\SecureUpdate.exe [2013-7-28 2460496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-8-28 102784]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-21 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-21 49664]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-6 1343400]
S4 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2009-5-14 759048]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-29 08:42:16 -------- d-----w- c:\programdata\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-29 08:39:09 -------- d-----w- C:\AdwCleaner
2013-08-29 07:43:03 -------- d-----w- C:\$RECYCLE.BIN
2013-08-29 07:40:53 -------- d-----w- c:\users\xxx\appdata\local\temp
2013-08-29 07:28:35 98816 ----a-w- c:\windows\sed.exe
2013-08-29 07:28:35 256000 ----a-w- c:\windows\PEV.exe
2013-08-29 07:28:35 208896 ----a-w- c:\windows\MBR.exe
2013-08-29 06:26:57 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5bce564d-de92-470b-b8cb-62820d3b29e0}\offreg.dll
2013-08-28 17:14:18 -------- d-----w- c:\program files\trend micro
2013-08-27 13:18:32 -------- d-----w- c:\users\xxx\Kuroyume
2013-08-27 11:47:37 -------- d-----w- c:\program files\Freedom Download Manager
2013-08-27 10:51:51 -------- d-----w- c:\users\xxx\appdata\local\GHISLER
2013-08-27 10:41:50 -------- d-----w- c:\users\xxx\appdata\roaming\GHISLER
2013-08-27 10:41:50 -------- d-----w- C:\totalcmd
2013-08-27 07:48:45 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5bce564d-de92-470b-b8cb-62820d3b29e0}\mpengine.dll
2013-08-26 05:41:53 -------- d-----w- c:\users\xxx\appdata\local\gtk-2.0
2013-08-25 10:58:23 -------- d-----w- c:\users\xxx\appdata\roaming\PSpad
2013-08-25 09:00:31 -------- d-----w- c:\users\xxx\appdata\local\FileViewPro
2013-08-25 09:00:27 -------- d-----w- c:\programdata\IsolatedStorage
2013-08-25 09:00:26 -------- d-----w- c:\users\xxx\appdata\roaming\IsolatedStorage
2013-08-25 08:59:11 -------- d-----w- c:\users\xxx\appdata\roaming\Solvusoft
2013-08-25 08:58:08 -------- d-----w- C:\Spacekace
2013-08-25 08:53:31 -------- d-----w- c:\users\xxx\.idlerc
2013-08-22 08:50:23 -------- d-----w- c:\users\xxx\appdata\local\TechSmith
2013-08-22 08:39:05 -------- d-----w- c:\users\xxx\appdata\roaming\TechSmith
2013-08-22 08:36:49 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2013-08-22 08:36:34 -------- d-----w- c:\program files\common files\TechSmith Shared
2013-08-21 19:20:43 -------- d-----w- c:\program files\FreeTime
2013-08-21 19:02:20 -------- d-----w- c:\users\xxx\appdata\local\WMTools Downloaded Files
2013-08-21 18:57:14 -------- d-----w- c:\users\xxx\appdata\local\FreemakeVideoConverter
2013-08-21 18:56:23 -------- d-----w- c:\programdata\Freemake
2013-08-21 18:55:56 -------- d-----w- c:\program files\Freemake
2013-08-19 20:19:21 -------- d-----w- c:\users\xxx\appdata\roaming\T-Mobile
2013-08-19 19:30:13 -------- d-----w- c:\users\xxx\.android
2013-08-19 07:49:52 -------- d-----w- c:\programdata\Gemfor
2013-08-19 07:45:29 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 07:45:29 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-19 07:45:08 -------- d-----w- c:\program files\Huawei
2013-08-17 05:12:09 -------- d-----w- c:\users\xxx\appdata\roaming\stetic
2013-08-17 05:11:59 -------- d-----w- c:\users\xxx\appdata\roaming\MonoDevelop-Unity-2.8
2013-08-17 05:11:50 -------- d-----w- c:\users\xxx\appdata\local\MonoDevelop-Unity-2.8
2013-08-17 05:00:36 -------- d-----w- c:\program files\qwined.org
2013-08-14 17:46:32 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 17:46:21 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 17:46:19 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 17:46:19 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 17:46:19 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:46:19 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 17:46:15 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 17:46:14 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 17:46:14 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 17:46:04 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 17:43:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 17:40:24 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 16:42:01 -------- d-----w- c:\users\xxx\appdata\roaming\Fighters
2013-08-14 16:41:12 -------- d-----w- c:\programdata\Fighters
2013-08-14 15:35:02 -------- d-----w- c:\users\xxx\appdata\roaming\Blueberry
2013-08-14 15:34:45 -------- d-----w- c:\users\xxx\appdata\roaming\LogSys
2013-08-14 15:34:43 -------- d-----w- c:\programdata\LogSys
2013-08-14 05:34:57 -------- d-----w- c:\users\xxx\appdata\local\Application Data
2013-08-14 05:34:53 -------- d-----w- c:\program files\Seznam.cz
2013-08-14 05:31:22 -------- d-----w- c:\users\xxx\appdata\roaming\SMRecorder
2013-08-12 19:21:19 -------- d-----w- c:\users\xxx\appdata\local\Apple
2013-08-10 15:22:38 -------- d-----w- c:\programdata\MetaQuotes
2013-08-09 20:59:46 -------- d-----w- c:\windows\system32\MRT
2013-08-07 18:51:44 -------- d-----w- c:\programdata\MGS
2013-08-07 18:51:44 -------- d-----w- C:\Microgaming
2013-08-07 16:45:46 -------- d-----w- c:\users\xxx\appdata\local\{1F162E48-FB46-4E05-BA2F-175D314AA82A}
2013-08-07 10:53:54 -------- d-----w- c:\windows\system32\Adobe
2013-08-06 11:05:25 -------- d-----w- c:\program files\MAXON
2013-08-06 08:10:54 -------- d-----w- c:\program files\Unity
2013-08-02 08:56:33 -------- d-----w- c:\programdata\Bitstream
2013-07-31 19:40:23 -------- d-----w- c:\users\xxx\appdata\local\Stardock
2013-07-31 19:40:20 -------- d-----w- c:\programdata\Stardock
2013-07-31 17:50:17 -------- d-----w- c:\users\xxx\appdata\roaming\Rainmeter
2013-07-31 17:50:13 -------- d-----w- c:\program files\Rainmeter
2013-07-31 15:36:48 -------- d-----w- c:\programdata\Package Cache
2013-07-31 14:13:53 -------- d-----w- c:\users\xxx\appdata\local\Frameworkx.com
2013-07-31 14:07:35 -------- d-----w- c:\program files\Regino v5.0
2013-07-30 16:19:38 -------- d-----w- c:\users\xxx\appdata\roaming\Unity
2013-07-30 16:01:37 -------- d-----w- c:\users\xxx\appdata\local\ElevatedDiagnostics
2013-07-30 15:36:59 -------- d-----w- c:\users\xxx\appdata\local\Apple Computer
2013-07-30 15:32:55 -------- d-----w- c:\programdata\Unity
2013-07-30 15:32:12 -------- d-----w- c:\users\xxx\appdata\local\Unity
2013-07-30 12:34:02 -------- d-----w- c:\users\xxx\appdata\roaming\NewSoft
2013-07-30 12:33:57 -------- d-----w- c:\users\xxx\appdata\local\NewSoft
.
==================== Find3M ====================
.
2013-08-21 08:03:10 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-07-30 07:05:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-30 07:05:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-21 07:42:27 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-21 07:42:27 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-21 07:42:27 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-21 07:42:27 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-21 07:41:42 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-15 11:35:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:35:54 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-15 11:35:54 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-15 10:58:39 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-15 10:58:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-17 08:10:51 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 11:15:35,58 ===============

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 29 Aug 2013 19:35
by vyosek
:arrow: I'd be curious who said anything bad about CCleaner... On the contrary, I've heard, and my own repair experience as well as colleagues on the forum confirm, that the IObit junk nicely sends PCs to the graveyard and only a reinstall fixes them. CCleaner has been tested by thousands of people and by many years of experience...

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    DDS::
    uRun: [SearchProtection] "c:\users\xxx\appdata\roaming\search protection\SearchProtection.EXE" /autostart
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3303217
    
    Folder::
    c:\users\xxx\appdata\roaming\search protection
    c:\program files\Common Files\Spigot
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtection"=-
    "ConduitFloatingPlugin_ghgmnfeamobhjmillnanbfhmkoeodooi"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    File::
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\AmiUpdXp.job
    C:\Windows\tasks\Driver Booster Startup.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\RegClean Pro_DEFAULT.job
    C:\Windows\tasks\RegClean Pro_UPDATES.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately hasn't been able to fix yet

:arrow: It can happen that Windows won't boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
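
The CFScript above is a plain-text file made of `Name::` sections that ComboFix interprets when the file is dropped onto it. The following Python is an added example, not code from the thread and not ComboFix's own code: it parses such a script into an explicit action list so that the plan can be reviewed before it is applied, and flags Folder::/File:: lines that name a protected root outright. The section semantics (Folder::/File:: list paths to delete; Registry:: uses .reg-style syntax where `"Name"=-` removes a value and `[-Key]` removes a key; RegLock:: lists keys to unlock) are inferred from the script in the post, and the sample script and the protected-root list are constructed here.

```python
"""Parse a ComboFix-style CFScript into a reviewable action plan (added example)."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")              # "[KEY]" or "[-KEY]"
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')          # '"Name"=-' or '"Name"=data'

# Constructed list: deleting one of these wholesale would break Windows, so a
# Folder::/File:: line that names one of them directly is almost certainly a typo.
PROTECTED_ROOTS = ("c:", "c:\\windows", "c:\\windows\\system32",
                   "c:\\program files", "c:\\users")

# Constructed sample, trimmed from the script quoted in the thread.
SAMPLE_CFSCRIPT = r"""
KillAll::

DDS::
uRun: [SearchProtection] "c:\users\xxx\appdata\roaming\search protection\SearchProtection.EXE" /autostart

Folder::
c:\users\xxx\appdata\roaming\search protection
c:\program files\Common Files\Spigot

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

File::
C:\Windows\tasks\RegClean Pro_DEFAULT.job

Reboot::
"""


def parse_cfscript(text):
    """Split the script into {section_name: [non-blank lines]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn the .reg-style Registry:: block into explicit tuples."""
    actions, key = [], None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:                      # "[-KEY]" deletes the whole key
                actions.append(("delete_key", key))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m:
            if key is None:
                raise ValueError(f"value line without a preceding key: {line!r}")
            name, data = m.groups()        # '"Name"=-' deletes that value
            actions.append(("delete_value", key, name) if data == "-"
                           else ("set_value", key, name, data))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return actions


def build_plan(text):
    """Flatten a CFScript into the ordered list of actions it asks for."""
    s = parse_cfscript(text)
    plan = [("kill_all",)] if "KillAll" in s else []
    plan += [("delete_folder", p) for p in s.get("Folder", [])]
    plan += [("delete_file", p) for p in s.get("File", [])]
    plan += registry_actions(s.get("Registry", []))
    for line in s.get("RegLock", []):
        m = KEY_RE.match(line)
        plan.append(("unlock_key", m.group(2) if m else line))
    if "ClearJavaCache" in s:
        plan.append(("clear_java_cache",))
    if "Reboot" in s:
        plan.append(("reboot",))
    return plan


def risky_targets(plan):
    """Paths in delete actions that name a protected root itself (case-insensitive)."""
    return [a[1] for a in plan
            if a[0] in ("delete_folder", "delete_file")
            and a[1].lower().rstrip("\\") in PROTECTED_ROOTS]


if __name__ == "__main__":
    for action in build_plan(SAMPLE_CFSCRIPT):
        print(action)
    print("risky:", risky_targets(build_plan(SAMPLE_CFSCRIPT)))
```

`risky_targets()` only catches a script that names a protected root outright; it is a sanity check before dropping the file onto ComboFix, not a substitute for reading every Folder::, File:: and Registry:: line.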

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 30 Aug 2013 09:57
by tejt
Don't take the CCleaner thing seriously at all; that's what acquaintances told me, who judge the same way I do, that if a program shows them more errors found and fixed, it's probably the better program. The question is whether those errors and fixes are serious and important, or whether it's a pointless process. In any case I'll go with you. I admit I'm happy just to switch the PC on :D, let alone doing on my own initiative something like what you are now helping and guiding me with. Huge thanks for that. :worship:
When I was removing the leftovers of IObit and Ad.Sys.Care, it also took DriverBooster with it, and even RegCleanPro disappeared. But I let ComboFix run through it anyway, so it would sweep out the rest of their leftovers. I hope I didn't make a mistake.

ComboFix log:

ComboFix 13-08-29.01 - xxx 30.08.2013 10:28:16.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3070.2044 [GMT 2:00]
Spuštěný z: c:\users\xxx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\xxx\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\AmiUpdXp.job"
"c:\windows\tasks\Driver Booster Startup.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\RegClean Pro_DEFAULT.job"
"c:\windows\tasks\RegClean Pro_UPDATES.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-28 do 2013-08-30 )))))))))))))))))))))))))))))))
.
.
2013-08-30 08:37 . 2013-08-30 08:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-30 08:37 . 2013-08-30 08:37 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-08-30 08:37 . 2013-08-30 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 08:37 . 2013-08-30 08:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-29 08:39 . 2013-08-29 08:40 -------- d-----w- C:\AdwCleaner
2013-08-29 07:40 . 2013-08-30 08:40 -------- d-----w- c:\users\xxx\AppData\Local\temp
2013-08-29 06:26 . 2013-08-29 06:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BCE564D-DE92-470B-B8CB-62820D3B29E0}\offreg.dll
2013-08-28 17:14 . 2013-08-28 17:49 -------- d-----w- C:\rsit
2013-08-28 17:14 . 2013-08-28 17:14 -------- d-----w- c:\program files\trend micro
2013-08-27 13:18 . 2013-08-27 13:18 -------- d-----w- c:\users\xxx\Kuroyume
2013-08-27 11:47 . 2013-08-27 11:48 -------- d-----w- c:\program files\Freedom Download Manager
2013-08-27 10:51 . 2013-08-27 10:51 -------- d-----w- c:\users\xxx\AppData\Local\GHISLER
2013-08-27 10:41 . 2013-08-29 09:48 -------- d-----w- C:\totalcmd
2013-08-27 10:41 . 2013-08-27 10:41 -------- d-----w- c:\users\xxx\AppData\Roaming\GHISLER
2013-08-27 07:48 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BCE564D-DE92-470B-B8CB-62820D3B29E0}\mpengine.dll
2013-08-26 05:41 . 2013-08-26 05:41 -------- d-----w- c:\users\xxx\AppData\Local\gtk-2.0
2013-08-25 10:58 . 2013-08-25 10:58 -------- d-----w- c:\users\xxx\AppData\Roaming\PSpad
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\users\xxx\AppData\Local\FileViewPro
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\programdata\IsolatedStorage
2013-08-25 09:00 . 2013-08-25 09:00 -------- d-----w- c:\users\xxx\AppData\Roaming\IsolatedStorage
2013-08-25 08:59 . 2013-08-25 11:17 -------- d-----w- c:\users\xxx\AppData\Roaming\Solvusoft
2013-08-25 08:58 . 2013-08-27 09:41 -------- d-----w- C:\Spacekace
2013-08-25 08:53 . 2013-08-25 08:53 -------- d-----w- c:\users\xxx\.idlerc
2013-08-22 08:50 . 2013-08-22 08:50 -------- d-----w- c:\users\xxx\AppData\Local\TechSmith
2013-08-22 08:39 . 2013-08-22 08:39 -------- d-----w- c:\users\xxx\AppData\Roaming\TechSmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\QuickTime
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\programdata\TechSmith
2013-08-22 08:36 . 2013-08-22 08:36 -------- d-----w- c:\program files\TechSmith
2013-08-21 19:20 . 2013-08-21 19:20 -------- d-----w- c:\program files\FreeTime
2013-08-21 19:02 . 2013-08-21 19:12 -------- d-----w- c:\users\xxx\AppData\Local\WMTools Downloaded Files
2013-08-21 18:57 . 2013-08-21 18:57 -------- d-----w- c:\users\xxx\AppData\Local\FreemakeVideoConverter
2013-08-21 18:56 . 2013-08-21 18:57 -------- d-----w- c:\programdata\Freemake
2013-08-21 18:55 . 2013-08-21 18:56 -------- d-----w- c:\program files\Freemake
2013-08-19 20:19 . 2013-08-19 20:19 -------- d-----w- c:\users\xxx\AppData\Roaming\T-Mobile
2013-08-19 19:30 . 2013-08-19 19:49 -------- d-----w- c:\users\xxx\.android
2013-08-19 07:49 . 2013-08-19 07:49 -------- d-----w- c:\programdata\Gemfor
2013-08-19 07:45 . 2011-08-16 14:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 07:45 . 2011-08-16 14:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-19 07:45 . 2013-08-19 07:45 -------- d-----w- c:\program files\Huawei
2013-08-17 05:12 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Roaming\stetic
2013-08-17 05:11 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Roaming\MonoDevelop-Unity-2.8
2013-08-17 05:11 . 2013-08-17 05:12 -------- d-----w- c:\users\xxx\AppData\Local\MonoDevelop-Unity-2.8
2013-08-17 05:00 . 2013-08-17 05:00 -------- d-----w- c:\program files\qwined.org
2013-08-14 17:46 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 17:46 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 17:46 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 17:46 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 17:46 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:46 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 17:46 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 17:46 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 17:46 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 17:46 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 17:43 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 17:40 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 16:42 . 2013-08-14 16:42 -------- d-----w- c:\users\xxx\AppData\Roaming\Fighters
2013-08-14 16:41 . 2013-08-14 16:42 -------- d-----w- c:\programdata\Fighters
2013-08-14 15:35 . 2013-08-14 16:20 -------- d-----w- c:\users\xxx\AppData\Roaming\Blueberry
2013-08-14 15:34 . 2013-08-14 15:35 -------- d-----w- c:\users\xxx\AppData\Roaming\LogSys
2013-08-14 15:34 . 2013-08-14 15:34 -------- d-----w- c:\programdata\LogSys
2013-08-14 05:34 . 2013-08-14 05:34 -------- d-----w- c:\users\xxx\AppData\Local\Application Data
2013-08-14 05:34 . 2013-08-14 16:46 -------- d-----w- c:\program files\Seznam.cz
2013-08-14 05:31 . 2013-08-14 05:31 -------- d-----w- c:\users\xxx\AppData\Roaming\SMRecorder
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\program files\Common Files\Apple
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\users\xxx\AppData\Local\Apple
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\program files\Apple Software Update
2013-08-12 19:21 . 2013-08-12 19:21 -------- d-----w- c:\programdata\Apple
2013-08-10 15:22 . 2013-08-10 15:22 -------- d-----w- c:\programdata\MetaQuotes
2013-08-09 20:59 . 2013-08-14 22:03 -------- d-----w- c:\windows\system32\MRT
2013-08-07 18:51 . 2013-08-08 09:49 -------- d-----w- c:\programdata\MGS
2013-08-07 18:51 . 2013-08-07 18:51 -------- d-----w- C:\Microgaming
2013-08-07 16:45 . 2013-08-07 16:45 -------- d-----w- c:\users\xxx\AppData\Local\{1F162E48-FB46-4E05-BA2F-175D314AA82A}
2013-08-07 10:53 . 2013-08-07 10:53 -------- d-----w- c:\windows\system32\Adobe
2013-08-06 11:05 . 2013-08-13 16:25 -------- d-----w- c:\program files\MAXON
2013-08-06 08:10 . 2013-08-06 08:16 -------- d-----w- c:\program files\Unity
2013-08-02 08:56 . 2013-08-02 08:56 -------- d-----w- c:\programdata\Bitstream
2013-07-31 19:40 . 2013-07-31 19:40 -------- d-----w- c:\users\xxx\AppData\Local\Stardock
2013-07-31 19:40 . 2013-07-31 19:40 -------- d-----w- c:\programdata\Stardock
2013-07-31 17:50 . 2013-08-02 06:35 -------- d-----w- c:\users\xxx\AppData\Roaming\Rainmeter
2013-07-31 17:50 . 2013-07-31 17:50 -------- d-----w- c:\program files\Rainmeter
2013-07-31 15:36 . 2013-08-27 09:02 -------- d-----w- c:\programdata\Package Cache
2013-07-31 14:13 . 2013-07-31 14:13 -------- d-----w- c:\users\xxx\AppData\Local\Frameworkx.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 08:03 . 2013-07-28 12:19 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-07-30 07:05 . 2013-03-12 08:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-30 07:05 . 2013-03-12 08:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-21 07:43 . 2013-07-21 07:43 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-07-21 07:43 . 2013-07-21 07:43 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-07-21 07:43 . 2013-07-21 07:43 4916224 ----a-w- c:\windows\system32\mstscax.dll
2013-07-21 07:43 . 2013-07-21 07:43 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-07-21 07:43 . 2013-07-21 07:43 37376 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-21 07:43 . 2013-07-21 07:43 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-07-21 07:43 . 2013-07-21 07:43 317440 ----a-w- c:\windows\system32\wksprt.exe
2013-07-21 07:43 . 2013-07-21 07:43 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-21 07:43 . 2013-07-21 07:43 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2013-07-21 07:43 . 2013-07-21 07:43 269312 ----a-w- c:\windows\system32\aaclient.dll
2013-07-21 07:43 . 2013-07-21 07:43 221184 ----a-w- c:\windows\system32\rdpudd.dll
2013-07-21 07:43 . 2013-07-21 07:43 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-07-21 07:43 . 2013-07-21 07:43 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2013-07-21 07:43 . 2013-07-21 07:43 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-07-21 07:43 . 2013-07-21 07:43 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-21 07:43 . 2013-07-21 07:43 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-07-21 07:43 . 2013-07-21 07:43 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-21 07:43 . 2013-07-21 07:43 1048064 ----a-w- c:\windows\system32\mstsc.exe
2013-07-21 07:42 . 2013-07-21 07:42 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-21 07:42 . 2013-07-21 07:42 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-21 07:42 . 2013-07-21 07:42 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-21 07:42 . 2013-07-21 07:42 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-21 07:41 . 2013-07-21 07:41 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-15 11:35 . 2013-07-15 11:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:35 . 2013-03-21 21:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-15 11:35 . 2013-03-21 21:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-15 10:58 . 2013-07-15 10:58 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-15 10:58 . 2013-07-15 10:58 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-15 10:58 . 2013-07-15 10:58 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-17 08:10 . 2013-06-17 08:10 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2013-06-05 03:05 . 2013-07-10 11:49 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 11:49 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-07-14 1841264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-05-21 11947080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-7-21 37048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 SecureUpdateSvc;SecureUpdate;c:\program files\Secure Speed Dial\IE\SecureUpdate.exe [2013-08-21 2460496]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-07-21 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-07-21 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-08-22 101888]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-31 1724192]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2010-04-13 519912]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-11 242240]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 202752]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-29 18:26 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 07:05]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 12:07]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 12:07]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://google.apsolo.com
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Search Protection - c:\users\xxx\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-08-30 10:43:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-30 08:43
.
Před spuštěním: 7 713 554 432
Po spuštění: 8 081 440 768
.
- - End Of File - - B67C8B1EF31165A436116F1CF460F8FE
A36C5E4F47E84449FF07ED3517B43A31

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 30 Aug 2013 15:52
by vyosek
So let's tidy up some more :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm the choices press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to flag this utility as a virus by mistake - it is a false alarm - so go ahead and download it (if necessary disable the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 30 Aug 2013 17:52
by tejt
It's good to talk to God, but talking to a living person who can really give advice is rare and priceless. :)
Thanks a lot. It (the PC) is small and weak, you saw that yourselves I think, but even so I'd die without it.
Sorry that I can't do it right away, but after 10 Sep I'll contribute to the forum for all the trouble with me. I don't know how much, I can't afford a lot, but something, yes.
Thanks, thanks, that's all from my side too.

Super :thumbsup: :worship:

Re: Infection - wuaudit.exe and rundll32.exe

Posted: 30 Aug 2013 19:57
by vyosek
You're welcome, glad I could help :worship: See you again some time

On behalf of the whole team, thank you for supporting the forum :thumbsup:

And in accordance with the rule on locking topics :lock: