Virus

Do you have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Camron
Visitor
Posts: 57
Registered: 06 Sep 2013 20:54

Virus

#1 Post by Camron »

Hello, I have a problem.
On FB (Facebook) I received a link and, idiot that I am, I of course clicked on it. It downloaded within 1 s (it was a photo) and put a virus on my PC; as soon as I downloaded it, my PC restarted and it started sending itself to everyone else.
Then I got another link and, idiot that I am, I had to click on that one too. God, why me. :D
Then I scanned it with HitmanPro, which found 3x Trojan, and I deleted them. Then I scanned it with Anti-Malware, which found some 2 errors, so I deleted them. Then, to check, 2x a quick scan with avast and 1x a full scan; they found nothing.
But the virus is still there.
- The sound stutters
- The picture stutters
- Sometimes the internet or the desktop freezes
- I click on a page and sometimes it throws an error until I try again
- Games stutter, and so does the sound in them.
- All of this since I downloaded those viruses.
Now there is no trace of the viruses, but I just feel it is there, otherwise it wouldn't be doing this.
I also ran everything through CCleaner and cleaned it, including the registry.

I actually downloaded the photo, then deleted it and then emptied it from the Recycle Bin.

I use Avast.
Please help me.

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Camron
Visitor
Posts: 57
Registered: 06 Sep 2013 20:54

Re: Virus

#3 Post by Camron »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-09-07 12:03:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:27, on 7.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

--
End of file - 6378 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-28 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-28 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2013-05-16 3830224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2013-04-15 337432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-07-10 29378880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2013-07-27 1807272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2013-08-29 2285232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\LaRoXion MT2\trable.dll"="C:\Program Files\LaRoXion MT2\trable.dll:*:Enabled:trable"
"C:\Program Files\ASoft\AutoExit\AutoExit.exe"="C:\Program Files\ASoft\AutoExit\AutoExit.exe:*:Enabled:Public Release Version"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-09-07 12:03:09 ----D---- C:\Program Files\trend micro
2013-09-07 12:03:07 ----D---- C:\rsit
2013-09-07 11:36:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\SMRResults322.dat
2013-09-06 21:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-06 21:27:27 ----A---- C:\WINDOWS\system32\sdnclean.exe
2013-09-06 21:26:39 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2013-09-06 14:16:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2013-09-06 14:15:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-09-06 14:15:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-06 14:15:11 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-09-05 19:47:37 ----A---- C:\WINDOWS\system32\igfxres.dll
2013-09-05 19:25:11 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2013-09-04 22:51:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SlrPlugins
2013-09-01 23:44:23 ----D---- C:\Temp
2013-09-01 12:03:58 ----D---- C:\baf64bc283fc65c5eb7571
2013-08-31 15:35:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Caphyon
2013-08-31 15:34:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LaRoXion
2013-08-31 15:19:22 ----D---- C:\WINDOWS\assembly
2013-08-31 15:18:18 ----D---- C:\WINDOWS\system32\en-US
2013-08-31 15:18:08 ----D---- C:\Program Files\Microsoft.NET
2013-08-31 15:18:04 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-29 22:56:24 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-08-29 22:49:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:26 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-08-29 22:49:15 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-08-29 22:49:13 ----D---- C:\Program Files\AVG SafeGuard toolbar
2013-08-29 22:18:02 ----D---- C:\Program Files\Rockstar Games
2013-08-29 00:27:49 ----A---- C:\WINDOWS\system32\bootdelete.exe
2013-08-29 00:21:23 ----D---- C:\Program Files\HitmanPro
2013-08-29 00:20:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2013-08-28 19:24:59 ----D---- C:\Program Files\SystemRequirementsLab
2013-08-28 19:24:51 ----D---- C:\WINDOWS\Sun
2013-08-28 19:23:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-08-28 19:23:57 ----D---- C:\Program Files\Common Files\Java
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\javaws.exe
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\javaw.exe
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\java.exe
2013-08-28 19:23:14 ----D---- C:\Program Files\Java
2013-08-28 19:22:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2013-08-25 23:54:52 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2013-08-25 23:54:51 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2013-08-25 23:54:47 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2013-08-25 23:54:41 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2013-08-25 23:54:36 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2013-08-25 23:54:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2013-08-25 23:54:30 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2013-08-25 23:54:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2013-08-25 23:54:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2013-08-25 23:54:24 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2013-08-25 23:54:22 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2013-08-25 23:54:21 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2013-08-25 23:54:17 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2013-08-25 23:54:16 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2013-08-25 23:54:15 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2013-08-25 23:54:10 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2013-08-25 23:54:08 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2013-08-25 23:54:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2013-08-25 23:54:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2013-08-25 23:54:00 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2013-08-25 23:53:56 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2013-08-24 20:05:17 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-08-24 20:00:45 ----D---- C:\WINDOWS\system32\MRT
2013-08-24 19:59:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2013-08-24 19:49:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2013-08-16 09:02:06 ----D---- C:\Program Files\GameforgeLive
2013-08-15 14:32:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2013-08-15 14:30:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-08-15 14:30:40 ----D---- C:\Program Files\IObit
2013-08-14 20:16:48 ----D---- C:\WINDOWS\system32\cache
2013-08-14 15:43:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LolClient
2013-08-14 15:43:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2013-08-14 11:40:04 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2013-08-14 11:39:59 ----D---- C:\WINDOWS\Logs
2013-08-14 11:39:57 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2013-08-14 11:37:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2013-08-14 11:37:36 ----D---- C:\Program Files\Pando Networks
2013-08-14 11:36:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Riot Games
2013-08-11 22:38:25 ----D---- C:\WINDOWS\ie8updates
2013-08-11 22:37:52 ----D---- C:\WINDOWS\WBEM
2013-08-11 22:36:46 ----HDC---- C:\WINDOWS\ie8
2013-08-11 22:33:01 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-11 14:35:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TeamViewer
2013-08-11 12:12:10 ----N---- C:\WINDOWS\system32\browserchoice.exe
2013-08-11 12:00:59 ----N---- C:\WINDOWS\system32\iacenc.dll
2013-08-11 11:56:23 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2013-08-11 11:14:28 ----D---- C:\WINDOWS\system32\PreInstall
2013-08-11 11:14:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2013-08-11 11:14:22 ----HD---- C:\WINDOWS\$hf_mig$
2013-08-11 11:14:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-08-10 20:44:27 ----D---- C:\Program Files\Common Files\PC Tools
2013-08-10 20:44:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-08-10 20:41:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2013-08-10 20:33:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-08-10 20:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2013-08-10 20:33:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2013-08-10 20:31:10 ----D---- C:\WINDOWS\system32\Adobe
2013-08-10 14:02:03 ----A---- C:\WINDOWS\system32\Baspxp32.dll
2013-08-10 14:00:16 ----D---- C:\WINDOWS\Dell
2013-08-10 13:55:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-10 13:55:36 ----A---- C:\WINDOWS\system32\CSVer.dll
2013-08-10 13:49:41 ----D---- C:\Program Files\SlimDrivers
2013-08-10 13:13:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2013-08-10 13:13:46 ----D---- C:\Program Files\Common Files\Skype
2013-08-10 13:13:44 ----RD---- C:\Program Files\Skype
2013-08-10 13:13:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-08-10 10:49:02 ----D---- C:\Intel
2013-08-10 10:47:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2013-08-10 10:47:52 ----D---- C:\Program Files\WinRAR
2013-08-10 09:53:51 ----D---- C:\Program Files\Drivers Backup
2013-08-10 09:47:32 ----A---- C:\WINDOWS\system32\XceedCry.dll
2013-08-10 09:47:31 ----A---- C:\WINDOWS\system32\XCEEDZIP.DLL
2013-08-10 08:52:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2013-08-09 21:58:00 ----D---- C:\Program Files\CCleaner
2013-08-09 21:43:39 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Fighters
2013-08-09 21:42:08 ----D---- C:\WINDOWS\system32\appmgmt
2013-08-09 21:36:16 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-08-09 21:23:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverGenius
2013-08-09 21:09:00 ----D---- C:\WINDOWS\Minidump
2013-08-09 20:08:44 ----D---- C:\Program Files\dumps
2013-08-09 20:08:05 ----D---- C:\Program Files\Common Files\Steam
2013-08-09 20:08:04 ----D---- C:\Program Files\Steam
2013-08-09 19:57:45 ----D---- C:\Program Files\Lavalys
2013-08-09 17:35:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PowerISO
2013-08-09 17:33:46 ----D---- C:\Program Files\PowerISO
2013-08-09 17:22:35 ----A---- C:\WINDOWS\system32\wpa.bak
2013-08-09 17:05:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2013-08-09 15:50:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TS3Client
2013-08-09 15:49:41 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-08-09 14:54:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-08-09 14:54:06 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-08-09 14:54:05 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-08-09 14:53:23 ----A---- C:\WINDOWS\avastSS.scr
2013-08-09 14:52:39 ----D---- C:\Program Files\AVAST Software
2013-08-09 14:49:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-08-09 14:36:31 ----D---- C:\Program Files\Google
2013-08-09 14:29:28 ----D---- C:\Program Files\Broadcom
2013-08-09 14:17:09 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-08-09 14:16:58 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys

======List of files/folders modified in the last 1 month======

2013-09-07 12:03:16 ----D---- C:\WINDOWS\Prefetch
2013-09-07 12:03:09 ----RD---- C:\Program Files
2013-09-07 11:54:40 ----D---- C:\WINDOWS\Temp
2013-09-07 11:54:40 ----D---- C:\WINDOWS
2013-09-07 11:54:01 ----D---- C:\WINDOWS\system32\drivers
2013-09-07 11:37:21 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-07 11:36:18 ----RASH---- C:\boot.ini
2013-09-06 21:28:43 ----SD---- C:\WINDOWS\Tasks
2013-09-06 21:27:59 ----D---- C:\WINDOWS\system32\config
2013-09-06 21:27:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-09-06 21:27:27 ----D---- C:\WINDOWS\system32
2013-09-05 19:52:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-05 19:52:47 ----HD---- C:\WINDOWS\inf
2013-09-05 19:52:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-05 19:09:13 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-05 19:08:38 ----D---- C:\WINDOWS\system
2013-09-05 19:08:15 ----D---- C:\WINDOWS\VirtualEar
2013-09-01 13:48:13 ----SHD---- C:\WINDOWS\Installer
2013-09-01 13:42:21 ----D---- C:\WINDOWS\WinSxS
2013-09-01 13:42:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-31 15:30:56 ----D---- C:\WINDOWS\system32\cs-cz
2013-08-31 15:18:06 ----D---- C:\WINDOWS\system32\mui
2013-08-29 22:49:15 ----D---- C:\Program Files\Common Files
2013-08-29 22:43:15 ----A---- C:\WINDOWS\win.ini
2013-08-29 22:18:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-26 20:40:07 ----D---- C:\WINDOWS\Debug
2013-08-25 23:54:55 ----D---- C:\WINDOWS\system32\DirectX
2013-08-24 20:03:09 ----D---- C:\Program Files\Internet Explorer
2013-08-12 17:54:34 ----D---- C:\WINDOWS\Help
2013-08-12 17:54:33 ----D---- C:\WINDOWS\system32\wbem
2013-08-12 17:54:33 ----D---- C:\WINDOWS\AppPatch
2013-08-11 22:37:43 ----D---- C:\WINDOWS\Media
2013-08-11 22:31:15 ----D---- C:\Program Files\Messenger
2013-08-11 22:20:47 ----D---- C:\Program Files\Outlook Express
2013-08-11 22:20:18 ----D---- C:\Program Files\Movie Maker
2013-08-10 13:44:48 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-08-10 08:53:01 ----D---- C:\WINDOWS\SoftwareDistribution
2013-08-09 16:25:31 ----SHD---- C:\RECYCLER
2013-08-09 14:53:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-09 14:29:04 ----D---- C:\Program Files\Common Files\InstallShield
2013-08-09 14:25:02 ----SHD---- C:\System Volume Information
2013-08-09 14:18:00 ----D---- C:\WINDOWS\Registration
2013-08-09 14:17:32 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-09 175176]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-09 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-09 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2013-04-15 113608]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2012-05-24 239928]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2011-06-15 90624]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 BrcmMgmtAgent;Broadcom Management Agent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-02 154624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-28 182184]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-08-29 1616048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
There was one more, so I'm posting that one too, just to be sure.

Source Name: Service Control Manager
Time Written: 20130902155230.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 9
Message: Broadcom NetXtreme 57xx Gigabit Controller: Network controller configured for 100Mb full-duplex link.

Record Number: 4
Source Name: b57w2k
Time Written: 20130902155205.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 15
Message: Broadcom NetXtreme 57xx Gigabit Controller: Driver initialized successfully.

Record Number: 3
Source Name: b57w2k
Time Written: 20130902155205.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 2
Source Name: EventLog
Time Written: 20130902155146.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20130902155146.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: PATRIK
Event Code: 101
Message: Service stopped.

Record Number: 409
Source Name: SkypeUpdate
Time Written: 20130823111406.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 103
Message: SkypeUpdate service is shutting down due to idle timeout.

Record Number: 408
Source Name: SkypeUpdate
Time Written: 20130823111405.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 407
Source Name: SecurityCenter
Time Written: 20130823111236.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 100
Message: Service started.

Record Number: 406
Source Name: SkypeUpdate
Time Written: 20130823111205.000000+120
Event Type: Informace
User:

Computer Name: PATRIK
Event Code: 0
Message:
Record Number: 405
Source Name: gupdate
Time Written: 20130823111204.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus

#4 Post by Rudy »

Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.

Go and put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident component.

Camron
Visitor
Posts: 57
Registered: 06 Sep 2013 20:54

Re: Virus

#5 Post by Camron »

ComboFix 13-09-06.01 - Administrator 07.09.2013 13:08:20.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.556 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\7c5e24efe773d644.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\frapsvid.dll
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-07 do 2013-09-07 )))))))))))))))))))))))))))))))
.
.
2013-09-07 10:03 . 2013-09-07 10:03 -------- d-----w- c:\program files\trend micro
2013-09-07 10:03 . 2013-09-07 10:03 -------- d-----w- C:\rsit
2013-09-06 20:21 . 2013-09-07 09:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\NPE
2013-09-06 19:27 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-09-06 19:26 . 2013-09-06 19:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-09-06 12:16 . 2013-09-06 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-09-06 12:15 . 2013-09-06 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-06 12:15 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-05 17:47 . 2006-03-23 19:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2013-09-05 17:25 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-09-04 20:51 . 2013-09-04 20:51 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SlrPlugins
2013-09-01 21:44 . 2013-09-01 21:44 -------- d-----w- C:\Temp
2013-09-01 10:03 . 2013-09-01 10:04 -------- d-----w- C:\baf64bc283fc65c5eb7571
2013-08-31 13:34 . 2013-08-31 13:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LaRoXion
2013-08-31 13:18 . 2013-08-31 13:18 -------- d-----w- c:\program files\Microsoft.NET
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\AVG Secure Search
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG SafeGuard toolbar
2013-08-29 20:49 . 2013-08-29 20:48 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-29 20:18 . 2013-08-29 20:18 -------- d-----w- c:\program files\Rockstar Games
2013-08-28 23:17 . 2013-08-28 23:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-08-28 22:27 . 2013-09-05 15:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-08-28 22:21 . 2013-08-28 22:21 -------- d-----w- c:\program files\HitmanPro
2013-08-28 22:04 . 2013-08-28 22:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BACS
2013-08-28 17:24 . 2013-08-28 17:25 -------- d-----w- c:\program files\SystemRequirementsLab
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\documents and settings\Administrator\SystemRequirementsLab
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\windows\Sun
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Sun
2013-08-28 17:23 . 2013-08-28 17:23 -------- d-----w- c:\program files\Common Files\Java
2013-08-28 17:23 . 2013-08-28 17:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-28 17:23 . 2013-08-28 17:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-28 17:23 . 2013-08-28 17:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-28 17:23 . 2013-08-28 17:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-28 17:23 . 2013-08-28 17:23 -------- d-----w- c:\program files\Java
2013-08-25 17:48 . 2013-08-25 17:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-08-24 18:00 . 2013-08-24 18:02 -------- d-----w- c:\windows\system32\MRT
2013-08-24 17:49 . 2013-08-24 17:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Apple Computer
2013-08-16 07:02 . 2013-08-16 07:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Gameforge4d
2013-08-16 07:02 . 2013-08-28 17:47 -------- d-----w- c:\program files\GameforgeLive
2013-08-15 12:32 . 2013-08-15 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2013-08-15 12:30 . 2013-08-15 12:32 -------- d-----w- c:\program files\IObit
2013-08-14 13:43 . 2013-08-14 13:43 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LolClient
2013-08-14 09:40 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-08-14 09:40 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2013-08-14 09:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-08-14 09:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-08-14 09:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-08-14 09:39 . 2013-08-26 18:40 -------- d-----w- c:\windows\Logs
2013-08-14 09:39 . 2013-08-31 17:07 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-08-14 09:37 . 2013-08-15 14:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PMB Files
2013-08-14 09:37 . 2013-08-14 09:37 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2013-08-14 09:37 . 2013-08-14 09:37 -------- d-----w- c:\program files\Pando Networks
2013-08-14 09:36 . 2013-08-14 09:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Riot Games
2013-08-12 15:55 . 2013-08-12 15:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-08-12 15:54 . 2013-08-12 15:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-08-11 20:39 . 2013-07-26 02:48 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-08-11 20:38 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-11 20:38 . 2013-07-26 02:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-08-11 20:38 . 2013-07-26 02:48 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-08-11 20:38 . 2013-07-26 02:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-08-11 20:38 . 2013-07-26 02:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-08-11 20:38 . 2013-07-26 02:48 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-08-11 20:38 . 2013-07-26 02:48 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-08-11 20:38 . 2013-07-26 02:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-08-11 20:36 . 2013-08-11 20:38 -------- dc-h--w- c:\windows\ie8
2013-08-11 12:35 . 2013-08-11 13:04 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TeamViewer
2013-08-11 10:17 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-08-11 10:15 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-08-11 10:12 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2013-08-11 10:04 . 2013-07-04 07:34 2195712 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-08-11 10:04 . 2013-07-04 07:34 2151936 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-08-11 10:04 . 2013-07-04 07:33 2030592 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-08-11 10:04 . 2013-07-04 07:34 2072320 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-08-11 10:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-08-11 10:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2013-08-11 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-08-11 09:56 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2013-08-11 09:36 . 2009-11-27 16:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2013-08-11 09:36 . 2009-11-27 16:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2013-08-11 09:14 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-08-11 09:14 . 2013-08-24 17:54 -------- d--h--w- c:\windows\$hf_mig$
2013-08-10 18:44 . 2013-08-13 20:26 -------- d-----w- c:\program files\Common Files\PC Tools
2013-08-10 18:33 . 2013-08-13 20:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-08-10 18:31 . 2013-08-10 18:31 -------- d-----w- c:\windows\system32\Adobe
2013-08-10 12:02 . 2011-06-15 08:42 89600 ----a-w- c:\windows\system32\Baspxp32.dll
2013-08-10 12:00 . 2013-08-10 12:00 -------- d-----w- c:\windows\Dell
2013-08-10 11:59 . 2013-08-10 11:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2013-08-10 11:55 . 2013-08-10 12:02 -------- dc----w- c:\windows\system32\DRVSTORE
2013-08-10 11:55 . 2000-01-01 00:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-08-10 11:49 . 2013-08-29 20:48 -------- d-----w- c:\program files\SlimDrivers
2013-08-10 11:44 . 2013-08-10 11:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Identities
2013-08-10 11:13 . 2013-09-06 13:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Skype
2013-08-10 11:13 . 2013-08-10 11:13 -------- d-----w- c:\program files\Common Files\Skype
2013-08-10 11:13 . 2013-08-10 11:13 -------- d-----r- c:\program files\Skype
2013-08-10 08:49 . 2013-08-10 08:49 -------- d-----w- C:\Intel
2013-08-10 07:53 . 2013-08-10 07:53 -------- d-----w- c:\program files\Drivers Backup
2013-08-10 07:47 . 2011-02-08 12:58 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx
2013-08-10 07:47 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2013-08-10 07:47 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2013-08-10 07:47 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2013-08-10 07:47 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2013-08-10 07:47 . 2004-03-08 22:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2013-08-10 07:47 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2013-08-09 19:58 . 2013-08-09 19:58 -------- d-----w- c:\program files\CCleaner
2013-08-09 19:43 . 2013-08-29 20:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Fighters
2013-08-09 19:37 . 2013-08-09 19:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\SlimWare Utilities Inc
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\program files\dumps
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\program files\Common Files\Steam
2013-08-09 18:08 . 2013-08-27 17:38 -------- d-----w- c:\program files\Steam
2013-08-09 17:57 . 2013-08-09 17:57 -------- d-----w- c:\program files\Lavalys
2013-08-09 15:45 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-08-09 15:45 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-08-09 15:45 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-08-09 15:45 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-08-09 15:45 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-08-09 15:45 . 2013-08-09 15:45 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-08-09 15:45 . 2013-08-09 15:45 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-08-09 15:35 . 2013-08-09 15:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\PowerISO
2013-08-09 15:33 . 2013-08-09 15:33 -------- d-----w- c:\program files\PowerISO
2013-08-09 15:05 . 2013-08-30 10:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\uTorrent
2013-08-09 13:50 . 2013-09-07 09:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TS3Client
2013-08-09 13:49 . 2013-08-09 13:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-08-09 12:54 . 2013-08-09 12:54 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-31 00:41 . 2008-04-14 06:52 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:49 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-26 02:48 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-25 15:52 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-14 06:52 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2008-04-14 08:06 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2008-04-14 06:07 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-29 20:48 3086512 ----a-w- c:\program files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-08-29 3086512]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\Administrator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\Administrator\Dokumenty
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\documents and settings\Administrator\Dokumenty\Downloads
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 19:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 19:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 19:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2013-04-15 09:50 337432 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2013-07-10 06:58 29378880 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 13:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-07-26 22:46 1807272 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-08-29 20:48 2285232 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57221:TCP"= 57221:TCP:Pando Media Booster
"57221:UDP"= 57221:UDP:Pando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [9.8.2013 14:54 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [9.8.2013 14:54 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.8.2013 14:54 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2013 14:54 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [29.8.2013 22:49 37664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2013 14:54 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [9.8.2013 14:54 66336]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2.8.2012 18:30 154624]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [6.9.2013 21:27 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [6.9.2013 21:27 1033688]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [29.8.2013 22:49 1616048]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.9.2013 14:15 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [6.9.2013 21:27 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 9:40 162672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.9.2013 14:15 22856]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BASFND
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 22:06 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-09 08:58]
.
2013-09-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 08:58]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 08:57]
.
2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-LaRoXion_2013 - c:\documents and settings\Administrator\Dokumenty\Downloads\LaRoXion_2013.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-07 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3677025366-2327790419-4192687133-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,94,fd,a2,17,b0,e7,44,84,a8,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,94,fd,a2,17,b0,e7,44,84,a8,13,\
.
Celkový čas: 2013-09-07 13:22:32
ComboFix-quarantined-files.txt 2013-09-07 11:22
.
Před spuštěním: Volných bajtů: 53 687 709 696
Po spuštění: Volných bajtů: 53 645 410 304
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E2939B9C593507E4891A46479F8DBCF9
413FC2A0C716421B3158746D63736515


Re: Virus

#6 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

RegLock:
[HKEY_USERS\S-1-5-21-3677025366-2327790419-4192687133-500\Software\Microsoft\Internet Explorer\User Preferences]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.



Re: Virus

#7 Post by Camron »

I did it, it gave me a log again, I'll post it here.


ComboFix 13-09-06.01 - Administrator 07.09.2013 14:23:05.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.686 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-07 do 2013-09-07 )))))))))))))))))))))))))))))))
.
.
2013-09-07 10:03 . 2013-09-07 10:03 -------- d-----w- c:\program files\trend micro
2013-09-07 10:03 . 2013-09-07 10:03 -------- d-----w- C:\rsit
2013-09-06 20:21 . 2013-09-07 09:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\NPE
2013-09-06 19:27 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-09-06 19:26 . 2013-09-06 19:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-09-06 12:16 . 2013-09-06 12:16 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-09-06 12:15 . 2013-09-06 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-06 12:15 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-05 17:47 . 2006-03-23 19:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2013-09-05 17:25 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-09-04 20:51 . 2013-09-04 20:51 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SlrPlugins
2013-09-01 21:44 . 2013-09-01 21:44 -------- d-----w- C:\Temp
2013-09-01 10:03 . 2013-09-01 10:04 -------- d-----w- C:\baf64bc283fc65c5eb7571
2013-08-31 13:34 . 2013-08-31 13:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LaRoXion
2013-08-31 13:18 . 2013-08-31 13:18 -------- d-----w- c:\program files\Microsoft.NET
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\AVG Secure Search
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG SafeGuard toolbar
2013-08-29 20:49 . 2013-08-29 20:48 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-08-29 20:49 . 2013-08-29 20:49 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-29 20:18 . 2013-08-29 20:18 -------- d-----w- c:\program files\Rockstar Games
2013-08-28 23:17 . 2013-08-28 23:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-08-28 22:27 . 2013-09-05 15:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-08-28 22:21 . 2013-08-28 22:21 -------- d-----w- c:\program files\HitmanPro
2013-08-28 22:04 . 2013-08-28 22:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BACS
2013-08-28 17:24 . 2013-08-28 17:25 -------- d-----w- c:\program files\SystemRequirementsLab
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\documents and settings\Administrator\SystemRequirementsLab
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\windows\Sun
2013-08-28 17:24 . 2013-08-28 17:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Sun
2013-08-28 17:23 . 2013-08-28 17:23 -------- d-----w- c:\program files\Common Files\Java
2013-08-28 17:23 . 2013-08-28 17:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-28 17:23 . 2013-08-28 17:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-28 17:23 . 2013-08-28 17:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-28 17:23 . 2013-08-28 17:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-28 17:23 . 2013-08-28 17:23 -------- d-----w- c:\program files\Java
2013-08-25 17:48 . 2013-08-25 17:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-08-24 18:00 . 2013-08-24 18:02 -------- d-----w- c:\windows\system32\MRT
2013-08-24 17:49 . 2013-08-24 17:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Apple Computer
2013-08-16 07:02 . 2013-08-16 07:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Gameforge4d
2013-08-16 07:02 . 2013-08-28 17:47 -------- d-----w- c:\program files\GameforgeLive
2013-08-15 12:32 . 2013-08-15 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2013-08-15 12:30 . 2013-08-15 12:32 -------- d-----w- c:\program files\IObit
2013-08-14 13:43 . 2013-08-14 13:43 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LolClient
2013-08-14 09:40 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-08-14 09:40 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2013-08-14 09:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-08-14 09:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-08-14 09:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-08-14 09:39 . 2013-08-26 18:40 -------- d-----w- c:\windows\Logs
2013-08-14 09:39 . 2013-08-31 17:07 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-08-14 09:37 . 2013-08-15 14:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PMB Files
2013-08-14 09:37 . 2013-08-14 09:37 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2013-08-14 09:37 . 2013-08-14 09:37 -------- d-----w- c:\program files\Pando Networks
2013-08-14 09:36 . 2013-08-14 09:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Riot Games
2013-08-12 15:55 . 2013-08-12 15:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-08-12 15:54 . 2013-08-12 15:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-08-11 20:39 . 2013-07-26 02:48 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-08-11 20:38 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-11 20:38 . 2013-07-26 02:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-08-11 20:38 . 2013-07-26 02:48 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-08-11 20:38 . 2013-07-26 02:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-08-11 20:38 . 2013-07-26 02:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-08-11 20:38 . 2013-07-26 02:48 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-08-11 20:38 . 2013-07-26 02:48 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-08-11 20:38 . 2013-07-26 02:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-08-11 20:36 . 2013-08-11 20:38 -------- dc-h--w- c:\windows\ie8
2013-08-11 12:35 . 2013-08-11 13:04 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TeamViewer
2013-08-11 10:17 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-08-11 10:15 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-08-11 10:12 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2013-08-11 10:04 . 2013-07-04 07:34 2195712 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-08-11 10:04 . 2013-07-04 07:34 2151936 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-08-11 10:04 . 2013-07-04 07:33 2030592 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-08-11 10:04 . 2013-07-04 07:34 2072320 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-08-11 10:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-08-11 10:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2013-08-11 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-08-11 09:56 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2013-08-11 09:36 . 2009-11-27 16:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2013-08-11 09:36 . 2009-11-27 16:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2013-08-11 09:14 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-08-11 09:14 . 2013-08-24 17:54 -------- d--h--w- c:\windows\$hf_mig$
2013-08-10 18:44 . 2013-08-13 20:26 -------- d-----w- c:\program files\Common Files\PC Tools
2013-08-10 18:33 . 2013-08-13 20:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-08-10 18:31 . 2013-08-10 18:31 -------- d-----w- c:\windows\system32\Adobe
2013-08-10 12:02 . 2011-06-15 08:42 89600 ----a-w- c:\windows\system32\Baspxp32.dll
2013-08-10 12:00 . 2013-08-10 12:00 -------- d-----w- c:\windows\Dell
2013-08-10 11:59 . 2013-08-10 11:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2013-08-10 11:55 . 2013-08-10 12:02 -------- dc----w- c:\windows\system32\DRVSTORE
2013-08-10 11:55 . 2000-01-01 00:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-08-10 11:49 . 2013-08-29 20:48 -------- d-----w- c:\program files\SlimDrivers
2013-08-10 11:44 . 2013-08-10 11:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Identities
2013-08-10 11:13 . 2013-09-06 13:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Skype
2013-08-10 11:13 . 2013-08-10 11:13 -------- d-----w- c:\program files\Common Files\Skype
2013-08-10 11:13 . 2013-08-10 11:13 -------- d-----r- c:\program files\Skype
2013-08-10 08:49 . 2013-08-10 08:49 -------- d-----w- C:\Intel
2013-08-10 07:53 . 2013-08-10 07:53 -------- d-----w- c:\program files\Drivers Backup
2013-08-10 07:47 . 2011-02-08 12:58 1882104 ----a-w- c:\windows\system32\Codejock.Controls.v15.0.1.ocx
2013-08-10 07:47 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2013-08-10 07:47 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2013-08-10 07:47 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2013-08-10 07:47 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2013-08-10 07:47 . 2004-03-08 22:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2013-08-10 07:47 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2013-08-09 19:58 . 2013-08-09 19:58 -------- d-----w- c:\program files\CCleaner
2013-08-09 19:43 . 2013-08-29 20:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Fighters
2013-08-09 19:37 . 2013-08-09 19:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\SlimWare Utilities Inc
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\program files\dumps
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2013-08-09 18:08 . 2013-08-09 18:08 -------- d-----w- c:\program files\Common Files\Steam
2013-08-09 18:08 . 2013-08-27 17:38 -------- d-----w- c:\program files\Steam
2013-08-09 17:57 . 2013-08-09 17:57 -------- d-----w- c:\program files\Lavalys
2013-08-09 15:45 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-08-09 15:45 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-08-09 15:45 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-08-09 15:45 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-08-09 15:45 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-08-09 15:45 . 2013-08-09 15:45 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-08-09 15:45 . 2013-08-09 15:45 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-08-09 15:35 . 2013-08-09 15:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\PowerISO
2013-08-09 15:33 . 2013-08-09 15:33 -------- d-----w- c:\program files\PowerISO
2013-08-09 15:05 . 2013-08-30 10:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\uTorrent
2013-08-09 13:50 . 2013-09-07 09:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TS3Client
2013-08-09 13:49 . 2013-08-09 13:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-08-09 12:54 . 2013-08-09 12:54 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-31 00:41 . 2008-04-14 06:52 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:49 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-26 02:48 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-25 15:52 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-14 06:52 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2008-04-14 08:06 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2008-04-14 06:07 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-29 20:48 3086512 ----a-w- c:\program files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-08-29 3086512]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 19:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 19:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 19:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2013-04-15 09:50 337432 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2013-07-10 06:58 29378880 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 13:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-07-26 22:46 1807272 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-08-29 20:48 2285232 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57221:TCP"= 57221:TCP:Pando Media Booster
"57221:UDP"= 57221:UDP:Pando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [9.8.2013 14:54 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [9.8.2013 14:54 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.8.2013 14:54 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2013 14:54 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [29.8.2013 22:49 37664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2013 14:54 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [9.8.2013 14:54 66336]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2.8.2012 18:30 154624]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [6.9.2013 21:27 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [6.9.2013 21:27 1033688]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [29.8.2013 22:49 1616048]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.9.2013 14:15 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.9.2013 14:15 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [6.9.2013 21:27 171928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 9:40 162672]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 22:06 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-09 08:58]
.
2013-09-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-06 08:58]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
2013-09-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-06 08:57]
.
2013-09-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-06 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-07 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3677025366-2327790419-4192687133-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,94,fd,a2,17,b0,e7,44,84,a8,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,94,fd,a2,17,b0,e7,44,84,a8,13,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2013-09-07 14:43:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-07 12:43
ComboFix2.txt 2013-09-07 11:22
.
Před spuštěním: Volných bajtů: 53 605 158 912
Po spuštění: Volných bajtů: 53 600 436 224
.
- - End Of File - - 29E77E7938B6A116B852605E9E69013F
413FC2A0C716421B3158746D63736515
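
One way to check a follow-up log against the script from post #6, as an added example that is not part of the thread or of ComboFix: the Python below parses the CFScript text and lists which of its File::, Registry:: and RegLock targets are still named in a short excerpt of the log from post #7. The function names are hypothetical, and treating a fully quoted line as the log's echo of the script is an assumption based on the log shown here.

```python
import re

# CFScript as posted in #6 (copied from the thread).
CFSCRIPT = r"""KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

RegLock:
[HKEY_USERS\S-1-5-21-3677025366-2327790419-4192687133-500\Software\Microsoft\Internet Explorer\User Preferences]

Reboot::
"""

# Short excerpt of the follow-up log in #7 (lines copied from the thread).
FOLLOWUP_LOG = r"""FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-08-29 20:48 2285232 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-09 12:36]
.
[HKEY_USERS\S-1-5-21-3677025366-2327790419-4192687133-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"""

# A directive header is a bare word followed by "::"; the posted script writes
# "RegLock:" with one colon, so a single colon is accepted here as well.
DIRECTIVE = re.compile(r"^([A-Za-z]+)::?\s*$")


def parse_cfscript(text):
    """Return {directive: [entries]} in the order the script lists them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(sections):
    """Flatten File/Registry/RegLock entries to (directive, needle) pairs."""
    targets = []
    for directive in ("File", "Registry", "RegLock"):
        for entry in sections.get(directive, []):
            needle = entry
            if entry.startswith("[") and entry.endswith("]"):
                # "[-KEY]" is the .reg-file notation for deleting a key.
                needle = entry[1:-1].lstrip("-")
            targets.append((directive, needle))
    return targets


def residual_mentions(log_text, targets):
    """Map each target to the (line number, text) log lines that still name it."""
    report = {needle: [] for _, needle in targets}
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        folded = line.lower()          # Windows paths and keys are case-insensitive
        for _, needle in targets:
            if needle.lower() not in folded:
                continue
            # Assumption: a line that is only the quoted target is the log
            # echoing the script (the "FILE ::" block), not a finding.
            if line.startswith('"') and line.strip('"').lower() == needle.lower():
                continue
            report[needle].append((number, line))
    return report


def still_present(log_text, script_text):
    """List the script targets that the follow-up log still mentions."""
    targets = script_targets(parse_cfscript(script_text))
    report = residual_mentions(log_text, targets)
    return [needle for _, needle in targets if report[needle]]


if __name__ == "__main__":
    for needle in still_present(FOLLOWUP_LOG, CFSCRIPT):
        print("still listed:", needle)
```

A remaining mention only points to the log section worth rereading; it does not by itself show that the item is malicious or that the script step failed.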


Re: Virus

#8 Post by Rudy »

The log is OK now. Has anything changed?


Re: Virus

#9 Post by Camron »

I have the feeling my PC is a bit faster, startup and so on.
But the sound still stutters..
In games both the sound and the picture stutter.. :/

Uživatelský avatar

Re: Virus

#10 Post by Rudy »

Post a new RSIT log.


Re: Virus

#11 Post by Camron »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-09-07 21:08:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1014 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:18, on 7.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

--
End of file - 6270 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-28 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-28 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2013-05-16 3830224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2013-04-15 337432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-07-10 29378880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2013-07-27 1807272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2013-08-29 2285232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-09-07 14:43:51 ----A---- C:\ComboFix.txt
2013-09-07 14:20:23 ----D---- C:\ComboFix
2013-09-07 13:05:01 ----A---- C:\Boot.bak
2013-09-07 13:04:49 ----RASHD---- C:\cmdcons
2013-09-07 13:03:08 ----A---- C:\WINDOWS\zip.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\SWSC.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\SWREG.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\sed.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\PEV.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\NIRCMD.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\MBR.exe
2013-09-07 13:03:08 ----A---- C:\WINDOWS\grep.exe
2013-09-07 13:02:19 ----D---- C:\Qoobox
2013-09-07 13:01:28 ----D---- C:\WINDOWS\erdnt
2013-09-07 12:03:09 ----D---- C:\Program Files\trend micro
2013-09-07 12:03:07 ----D---- C:\rsit
2013-09-07 11:36:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\SMRResults322.dat
2013-09-06 21:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-06 21:27:27 ----A---- C:\WINDOWS\system32\sdnclean.exe
2013-09-06 21:26:39 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2013-09-06 14:16:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2013-09-06 14:15:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-09-06 14:15:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-06 14:15:11 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-09-05 19:47:37 ----A---- C:\WINDOWS\system32\igfxres.dll
2013-09-05 19:25:11 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2013-09-04 22:51:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SlrPlugins
2013-09-01 23:44:23 ----D---- C:\Temp
2013-09-01 12:03:58 ----D---- C:\baf64bc283fc65c5eb7571
2013-08-31 15:35:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Caphyon
2013-08-31 15:34:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LaRoXion
2013-08-31 15:19:22 ----D---- C:\WINDOWS\assembly
2013-08-31 15:18:18 ----D---- C:\WINDOWS\system32\en-US
2013-08-31 15:18:08 ----D---- C:\Program Files\Microsoft.NET
2013-08-31 15:18:04 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-29 22:56:24 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-08-29 22:49:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:26 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-08-29 22:49:15 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-08-29 22:49:13 ----D---- C:\Program Files\AVG SafeGuard toolbar
2013-08-29 22:18:02 ----D---- C:\Program Files\Rockstar Games
2013-08-29 00:27:49 ----A---- C:\WINDOWS\system32\bootdelete.exe
2013-08-29 00:21:23 ----D---- C:\Program Files\HitmanPro
2013-08-29 00:20:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2013-08-28 19:24:59 ----D---- C:\Program Files\SystemRequirementsLab
2013-08-28 19:24:51 ----D---- C:\WINDOWS\Sun
2013-08-28 19:23:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-08-28 19:23:57 ----D---- C:\Program Files\Common Files\Java
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\javaws.exe
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\javaw.exe
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\java.exe
2013-08-28 19:23:14 ----D---- C:\Program Files\Java
2013-08-28 19:22:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2013-08-25 23:54:52 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2013-08-25 23:54:51 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2013-08-25 23:54:47 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2013-08-25 23:54:41 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2013-08-25 23:54:36 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2013-08-25 23:54:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2013-08-25 23:54:30 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2013-08-25 23:54:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2013-08-25 23:54:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2013-08-25 23:54:24 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2013-08-25 23:54:22 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2013-08-25 23:54:21 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2013-08-25 23:54:17 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2013-08-25 23:54:16 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2013-08-25 23:54:15 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2013-08-25 23:54:10 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2013-08-25 23:54:08 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2013-08-25 23:54:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2013-08-25 23:54:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2013-08-25 23:54:00 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2013-08-25 23:53:56 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2013-08-24 20:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-24 20:00:45 ----D---- C:\WINDOWS\system32\MRT
2013-08-24 19:59:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2013-08-24 19:49:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2013-08-16 09:02:06 ----D---- C:\Program Files\GameforgeLive
2013-08-15 14:32:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2013-08-15 14:30:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-08-15 14:30:40 ----D---- C:\Program Files\IObit
2013-08-14 15:43:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LolClient
2013-08-14 15:43:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2013-08-14 11:40:04 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2013-08-14 11:39:59 ----D---- C:\WINDOWS\Logs
2013-08-14 11:39:57 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2013-08-14 11:37:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2013-08-14 11:37:36 ----D---- C:\Program Files\Pando Networks
2013-08-14 11:36:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Riot Games
2013-08-11 22:38:25 ----D---- C:\WINDOWS\ie8updates
2013-08-11 22:37:52 ----D---- C:\WINDOWS\WBEM
2013-08-11 22:36:46 ----HDC---- C:\WINDOWS\ie8
2013-08-11 22:33:01 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-11 14:35:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TeamViewer
2013-08-11 12:12:10 ----N---- C:\WINDOWS\system32\browserchoice.exe
2013-08-11 12:00:59 ----N---- C:\WINDOWS\system32\iacenc.dll
2013-08-11 11:56:23 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2013-08-11 11:14:28 ----D---- C:\WINDOWS\system32\PreInstall
2013-08-11 11:14:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2013-08-11 11:14:22 ----HD---- C:\WINDOWS\$hf_mig$
2013-08-11 11:14:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-08-10 20:44:27 ----D---- C:\Program Files\Common Files\PC Tools
2013-08-10 20:44:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-08-10 20:41:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2013-08-10 20:33:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-08-10 20:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2013-08-10 20:33:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2013-08-10 20:31:10 ----D---- C:\WINDOWS\system32\Adobe
2013-08-10 14:02:03 ----A---- C:\WINDOWS\system32\Baspxp32.dll
2013-08-10 14:00:16 ----D---- C:\WINDOWS\Dell
2013-08-10 13:55:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-10 13:55:36 ----A---- C:\WINDOWS\system32\CSVer.dll
2013-08-10 13:49:41 ----D---- C:\Program Files\SlimDrivers
2013-08-10 13:13:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2013-08-10 13:13:46 ----D---- C:\Program Files\Common Files\Skype
2013-08-10 13:13:44 ----RD---- C:\Program Files\Skype
2013-08-10 13:13:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-08-10 10:49:02 ----D---- C:\Intel
2013-08-10 10:47:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2013-08-10 10:47:52 ----D---- C:\Program Files\WinRAR
2013-08-10 09:53:51 ----D---- C:\Program Files\Drivers Backup
2013-08-10 09:47:32 ----A---- C:\WINDOWS\system32\XceedCry.dll
2013-08-10 09:47:31 ----A---- C:\WINDOWS\system32\XCEEDZIP.DLL
2013-08-10 08:52:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2013-08-09 21:58:00 ----D---- C:\Program Files\CCleaner
2013-08-09 21:43:39 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Fighters
2013-08-09 21:42:08 ----D---- C:\WINDOWS\system32\appmgmt
2013-08-09 21:36:16 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-08-09 21:23:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverGenius
2013-08-09 21:09:00 ----D---- C:\WINDOWS\Minidump
2013-08-09 20:08:44 ----D---- C:\Program Files\dumps
2013-08-09 20:08:05 ----D---- C:\Program Files\Common Files\Steam
2013-08-09 20:08:04 ----D---- C:\Program Files\Steam
2013-08-09 19:57:45 ----D---- C:\Program Files\Lavalys
2013-08-09 17:35:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PowerISO
2013-08-09 17:33:46 ----D---- C:\Program Files\PowerISO
2013-08-09 17:22:35 ----A---- C:\WINDOWS\system32\wpa.bak
2013-08-09 17:05:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2013-08-09 15:50:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TS3Client
2013-08-09 15:49:41 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-08-09 14:54:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-08-09 14:54:06 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-08-09 14:54:05 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-08-09 14:53:23 ----A---- C:\WINDOWS\avastSS.scr
2013-08-09 14:52:39 ----D---- C:\Program Files\AVAST Software
2013-08-09 14:49:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-08-09 14:36:31 ----D---- C:\Program Files\Google
2013-08-09 14:29:28 ----D---- C:\Program Files\Broadcom
2013-08-09 14:17:09 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-08-09 14:16:58 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys

======List of files/folders modified in the last 1 month======

2013-09-07 20:23:37 ----D---- C:\WINDOWS\Temp
2013-09-07 20:14:14 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-07 14:43:56 ----D---- C:\WINDOWS\system32\drivers
2013-09-07 14:38:23 ----D---- C:\WINDOWS
2013-09-07 14:38:23 ----A---- C:\WINDOWS\system.ini
2013-09-07 14:37:59 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-07 14:32:58 ----D---- C:\WINDOWS\system32
2013-09-07 14:32:58 ----D---- C:\WINDOWS\AppPatch
2013-09-07 14:32:53 ----D---- C:\Program Files\Common Files
2013-09-07 13:05:01 ----RASH---- C:\boot.ini
2013-09-07 13:02:19 ----D---- C:\WINDOWS\Prefetch
2013-09-07 12:03:09 ----RD---- C:\Program Files
2013-09-06 21:28:43 ----SD---- C:\WINDOWS\Tasks
2013-09-06 21:27:59 ----D---- C:\WINDOWS\system32\config
2013-09-06 21:27:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-09-05 19:52:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-05 19:52:47 ----HD---- C:\WINDOWS\inf
2013-09-05 19:52:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-05 19:09:13 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-05 19:08:38 ----D---- C:\WINDOWS\system
2013-09-05 19:08:15 ----D---- C:\WINDOWS\VirtualEar
2013-09-01 13:48:13 ----SHD---- C:\WINDOWS\Installer
2013-09-01 13:42:21 ----D---- C:\WINDOWS\WinSxS
2013-09-01 13:42:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-31 15:30:56 ----D---- C:\WINDOWS\system32\cs-cz
2013-08-31 15:18:06 ----D---- C:\WINDOWS\system32\mui
2013-08-29 22:43:15 ----A---- C:\WINDOWS\win.ini
2013-08-29 22:18:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-26 20:40:07 ----D---- C:\WINDOWS\Debug
2013-08-25 23:54:55 ----D---- C:\WINDOWS\system32\DirectX
2013-08-24 20:03:09 ----D---- C:\Program Files\Internet Explorer
2013-08-12 17:54:34 ----D---- C:\WINDOWS\Help
2013-08-12 17:54:33 ----D---- C:\WINDOWS\system32\wbem
2013-08-11 22:37:43 ----D---- C:\WINDOWS\Media
2013-08-11 22:31:15 ----D---- C:\Program Files\Messenger
2013-08-11 22:20:47 ----D---- C:\Program Files\Outlook Express
2013-08-11 22:20:18 ----D---- C:\Program Files\Movie Maker
2013-08-10 13:44:48 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-08-10 08:53:01 ----D---- C:\WINDOWS\SoftwareDistribution
2013-08-09 14:53:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-09 14:29:04 ----D---- C:\Program Files\Common Files\InstallShield
2013-08-09 14:25:02 ----SHD---- C:\System Volume Information
2013-08-09 14:18:00 ----D---- C:\WINDOWS\Registration
2013-08-09 14:17:32 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-09 175176]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-09 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-09 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2013-04-15 113608]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2012-05-24 239928]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2011-06-15 90624]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 BrcmMgmtAgent;Broadcom Management Agent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-02 154624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-28 182184]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-08-29 1616048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus

#12 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

:services
MBAMService

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off the antivirus before the scan and restart the PC after it. Post a new RSIT log. Uninstall Spybot; it could conflict with Avast's antispyware. There are also remnants of the previous antivirus (AVG) on the PC. Remove them with the AVG uninstaller: http://www.uninstallavg.com/ . Uninstall CF using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe .

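The observation in post #12 that components of several security products are active side by side can be reproduced from the driver and service lists of the RSIT log. The following is an added example, not part of the original thread and not code from RSIT or OTM; the sample lines are copied from the log posted in this thread, while the vendor path markers and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Line shape in RSIT's "List of drivers" / "List of services" sections:
#   <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Assumption: path markers chosen for this example, matched against the
# lower-cased image path. They are not an official vendor list.
PRODUCTS = [
    ("avast!", re.compile(r"\\avast software\\|\\asw[^\\]*\.sys$")),
    ("AVG", re.compile(r"\\avg[^\\]*\\|\\avg[^\\]*\.sys$")),
    ("Spybot", re.compile(r"\\spybot - search & destroy")),
    ("Malwarebytes", re.compile(r"\\malwarebytes|\\mbam[^\\]*\.sys$")),
]

# Lines copied from the RSIT log in this thread (drivers, then services).
SAMPLE_LOG = r"""
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-09 175176]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-08-29 1616048]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
"""


def parse_entries(log_text):
    """Return one dict per driver/service line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def product_of(path):
    """Map an image path to a product name, or None if no marker matches."""
    lowered = path.lower()
    for product, marker in PRODUCTS:
        if marker.search(lowered):
            return product
    return None


def running_components(log_text):
    """Group the names of running (state R) entries by security product."""
    found = defaultdict(list)
    for entry in parse_entries(log_text):
        product = product_of(entry["path"])
        if product and entry["state"] == "R":
            found[product].append(entry["name"])
    return dict(found)


def overlapping_products(log_text, primary):
    """Products other than `primary` that still have running components."""
    return {
        product: names
        for product, names in running_components(log_text).items()
        if product != primary
    }


if __name__ == "__main__":
    for product, names in overlapping_products(SAMPLE_LOG, "avast!").items():
        print(f"{product}: still running -> {', '.join(names)}")
```

Stopped entries (state S) are left out on purpose, because only components that are loaded at the same time can interfere with each other; whether a reported product should actually be removed remains the analyst's decision.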
Camron
Visitor
Posts: 57
Registered: 06 Sep 2013 20:54

Re: Virus

#13 Post by Camron »

I want to remove that AVG using that program, but it wants a serial number from me, a paid one.

New log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-09-07 22:44:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (76%) free of 76 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:11, on 7.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

--
End of file - 5777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-28 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-28 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll [2013-08-29 3086512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2013-04-15 337432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-07-10 29378880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2013-07-27 1807272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2013-08-29 2285232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Administrator\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-09-07 22:44:03 ----D---- C:\rsit
2013-09-07 22:34:00 ----D---- C:\Rbackup
2013-09-07 22:21:27 ----D---- C:\Program Files\Perfect Uninstaller
2013-09-07 22:14:33 ----A---- C:\WINDOWS\wininit.ini
2013-09-07 21:41:17 ----SHD---- C:\RECYCLER
2013-09-07 13:05:01 ----A---- C:\Boot.bak
2013-09-07 13:04:49 ----RASHD---- C:\cmdcons
2013-09-07 13:02:19 ----D---- C:\Qoobox
2013-09-07 12:03:09 ----D---- C:\Program Files\trend micro
2013-09-07 11:36:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\SMRResults322.dat
2013-09-06 21:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-06 14:16:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2013-09-06 14:15:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-09-06 14:15:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-06 14:15:11 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-09-05 19:47:37 ----A---- C:\WINDOWS\system32\igfxres.dll
2013-09-05 19:25:11 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2013-09-04 22:51:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SlrPlugins
2013-09-01 23:44:23 ----D---- C:\Temp
2013-09-01 12:03:58 ----D---- C:\baf64bc283fc65c5eb7571
2013-08-31 15:35:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Caphyon
2013-08-31 15:34:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LaRoXion
2013-08-31 15:19:22 ----D---- C:\WINDOWS\assembly
2013-08-31 15:18:18 ----D---- C:\WINDOWS\system32\en-US
2013-08-31 15:18:08 ----D---- C:\Program Files\Microsoft.NET
2013-08-31 15:18:04 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-29 22:56:24 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-08-29 22:49:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG SafeGuard toolbar
2013-08-29 22:49:26 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2013-08-29 22:49:15 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-08-29 22:49:13 ----D---- C:\Program Files\AVG SafeGuard toolbar
2013-08-29 22:18:02 ----D---- C:\Program Files\Rockstar Games
2013-08-29 00:27:49 ----A---- C:\WINDOWS\system32\bootdelete.exe
2013-08-29 00:21:23 ----D---- C:\Program Files\HitmanPro
2013-08-29 00:20:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2013-08-28 19:24:59 ----D---- C:\Program Files\SystemRequirementsLab
2013-08-28 19:24:51 ----D---- C:\WINDOWS\Sun
2013-08-28 19:23:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-08-28 19:23:57 ----D---- C:\Program Files\Common Files\Java
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\javaws.exe
2013-08-28 19:23:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\javaw.exe
2013-08-28 19:23:49 ----A---- C:\WINDOWS\system32\java.exe
2013-08-28 19:23:14 ----D---- C:\Program Files\Java
2013-08-28 19:22:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2013-08-25 23:54:53 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2013-08-25 23:54:52 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2013-08-25 23:54:51 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2013-08-25 23:54:50 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2013-08-25 23:54:49 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2013-08-25 23:54:48 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2013-08-25 23:54:47 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2013-08-25 23:54:46 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2013-08-25 23:54:42 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2013-08-25 23:54:41 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2013-08-25 23:54:40 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2013-08-25 23:54:39 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2013-08-25 23:54:38 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2013-08-25 23:54:37 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2013-08-25 23:54:36 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2013-08-25 23:54:35 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2013-08-25 23:54:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2013-08-25 23:54:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2013-08-25 23:54:30 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2013-08-25 23:54:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2013-08-25 23:54:28 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2013-08-25 23:54:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2013-08-25 23:54:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2013-08-25 23:54:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2013-08-25 23:54:24 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2013-08-25 23:54:23 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2013-08-25 23:54:22 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2013-08-25 23:54:21 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2013-08-25 23:54:20 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2013-08-25 23:54:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2013-08-25 23:54:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2013-08-25 23:54:17 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2013-08-25 23:54:16 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2013-08-25 23:54:15 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2013-08-25 23:54:14 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2013-08-25 23:54:11 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2013-08-25 23:54:10 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2013-08-25 23:54:09 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2013-08-25 23:54:08 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2013-08-25 23:54:07 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2013-08-25 23:54:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2013-08-25 23:54:05 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2013-08-25 23:54:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2013-08-25 23:54:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2013-08-25 23:54:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2013-08-25 23:54:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2013-08-25 23:54:00 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2013-08-25 23:53:56 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2013-08-24 20:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-24 20:00:45 ----D---- C:\WINDOWS\system32\MRT
2013-08-24 19:59:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2013-08-24 19:49:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2013-08-16 09:02:06 ----D---- C:\Program Files\GameforgeLive
2013-08-15 14:32:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2013-08-15 14:30:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-08-15 14:30:40 ----D---- C:\Program Files\IObit
2013-08-14 15:43:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LolClient
2013-08-14 15:43:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2013-08-14 11:40:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2013-08-14 11:40:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2013-08-14 11:40:04 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2013-08-14 11:39:59 ----D---- C:\WINDOWS\Logs
2013-08-14 11:39:57 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2013-08-14 11:37:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2013-08-14 11:37:36 ----D---- C:\Program Files\Pando Networks
2013-08-14 11:36:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Riot Games
2013-08-11 22:38:25 ----D---- C:\WINDOWS\ie8updates
2013-08-11 22:37:52 ----D---- C:\WINDOWS\WBEM
2013-08-11 22:36:46 ----HDC---- C:\WINDOWS\ie8
2013-08-11 22:33:01 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-11 14:35:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TeamViewer
2013-08-11 12:12:10 ----N---- C:\WINDOWS\system32\browserchoice.exe
2013-08-11 12:00:59 ----N---- C:\WINDOWS\system32\iacenc.dll
2013-08-11 11:56:23 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2013-08-11 11:14:28 ----D---- C:\WINDOWS\system32\PreInstall
2013-08-11 11:14:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2013-08-11 11:14:22 ----HD---- C:\WINDOWS\$hf_mig$
2013-08-11 11:14:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-08-10 20:44:27 ----D---- C:\Program Files\Common Files\PC Tools
2013-08-10 20:44:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-08-10 20:41:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2013-08-10 20:33:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-08-10 20:33:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2013-08-10 20:33:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2013-08-10 20:31:10 ----D---- C:\WINDOWS\system32\Adobe
2013-08-10 14:02:03 ----A---- C:\WINDOWS\system32\Baspxp32.dll
2013-08-10 14:00:16 ----D---- C:\WINDOWS\Dell
2013-08-10 13:55:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-10 13:55:36 ----A---- C:\WINDOWS\system32\CSVer.dll
2013-08-10 13:49:41 ----D---- C:\Program Files\SlimDrivers
2013-08-10 13:13:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2013-08-10 13:13:46 ----D---- C:\Program Files\Common Files\Skype
2013-08-10 13:13:44 ----RD---- C:\Program Files\Skype
2013-08-10 13:13:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-08-10 10:49:02 ----D---- C:\Intel
2013-08-10 10:47:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2013-08-10 10:47:52 ----D---- C:\Program Files\WinRAR
2013-08-10 09:53:51 ----D---- C:\Program Files\Drivers Backup
2013-08-10 09:47:32 ----A---- C:\WINDOWS\system32\XceedCry.dll
2013-08-10 09:47:31 ----A---- C:\WINDOWS\system32\XCEEDZIP.DLL
2013-08-10 08:52:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2013-08-09 21:58:00 ----D---- C:\Program Files\CCleaner
2013-08-09 21:43:39 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Fighters
2013-08-09 21:42:08 ----D---- C:\WINDOWS\system32\appmgmt
2013-08-09 21:36:16 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-08-09 21:23:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverGenius
2013-08-09 21:09:00 ----D---- C:\WINDOWS\Minidump
2013-08-09 20:08:44 ----D---- C:\Program Files\dumps
2013-08-09 20:08:05 ----D---- C:\Program Files\Common Files\Steam
2013-08-09 20:08:04 ----D---- C:\Program Files\Steam
2013-08-09 19:57:45 ----D---- C:\Program Files\Lavalys
2013-08-09 17:35:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PowerISO
2013-08-09 17:33:46 ----D---- C:\Program Files\PowerISO
2013-08-09 17:22:35 ----A---- C:\WINDOWS\system32\wpa.bak
2013-08-09 17:05:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2013-08-09 15:50:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TS3Client
2013-08-09 15:49:41 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-08-09 14:54:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-08-09 14:54:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-08-09 14:54:07 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-08-09 14:54:06 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-08-09 14:54:05 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-08-09 14:54:04 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-08-09 14:53:23 ----A---- C:\WINDOWS\avastSS.scr
2013-08-09 14:52:39 ----D---- C:\Program Files\AVAST Software
2013-08-09 14:49:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-08-09 14:36:31 ----D---- C:\Program Files\Google
2013-08-09 14:29:28 ----D---- C:\Program Files\Broadcom
2013-08-09 14:17:09 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-08-09 14:16:58 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys

======List of files/folders modified in the last 1 month======

2013-09-07 22:40:12 ----D---- C:\WINDOWS\Temp
2013-09-07 22:40:12 ----D---- C:\WINDOWS\Prefetch
2013-09-07 22:40:11 ----SHD---- C:\System Volume Information
2013-09-07 22:40:11 ----D---- C:\WINDOWS\system32\Restore
2013-09-07 22:39:30 ----D---- C:\WINDOWS
2013-09-07 22:21:54 ----D---- C:\WINDOWS\system32
2013-09-07 22:21:27 ----RD---- C:\Program Files
2013-09-07 22:15:04 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-07 22:14:36 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-09-07 22:14:35 ----SD---- C:\WINDOWS\Tasks
2013-09-07 14:43:56 ----D---- C:\WINDOWS\system32\drivers
2013-09-07 14:38:23 ----A---- C:\WINDOWS\system.ini
2013-09-07 14:37:59 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-07 14:32:58 ----D---- C:\WINDOWS\AppPatch
2013-09-07 14:32:53 ----D---- C:\Program Files\Common Files
2013-09-07 13:05:01 ----RASH---- C:\boot.ini
2013-09-06 21:27:59 ----D---- C:\WINDOWS\system32\config
2013-09-05 19:52:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-05 19:52:47 ----HD---- C:\WINDOWS\inf
2013-09-05 19:52:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-05 19:09:13 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-05 19:08:38 ----D---- C:\WINDOWS\system
2013-09-05 19:08:15 ----D---- C:\WINDOWS\VirtualEar
2013-09-01 13:48:13 ----SHD---- C:\WINDOWS\Installer
2013-09-01 13:42:21 ----D---- C:\WINDOWS\WinSxS
2013-09-01 13:42:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-31 15:30:56 ----D---- C:\WINDOWS\system32\cs-cz
2013-08-31 15:18:06 ----D---- C:\WINDOWS\system32\mui
2013-08-29 22:43:15 ----A---- C:\WINDOWS\win.ini
2013-08-29 22:18:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-26 20:40:07 ----D---- C:\WINDOWS\Debug
2013-08-25 23:54:55 ----D---- C:\WINDOWS\system32\DirectX
2013-08-24 20:03:09 ----D---- C:\Program Files\Internet Explorer
2013-08-12 17:54:34 ----D---- C:\WINDOWS\Help
2013-08-12 17:54:33 ----D---- C:\WINDOWS\system32\wbem
2013-08-11 22:37:43 ----D---- C:\WINDOWS\Media
2013-08-11 22:31:15 ----D---- C:\Program Files\Messenger
2013-08-11 22:20:47 ----D---- C:\Program Files\Outlook Express
2013-08-11 22:20:18 ----D---- C:\Program Files\Movie Maker
2013-08-10 13:44:48 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-08-10 08:53:01 ----D---- C:\WINDOWS\SoftwareDistribution
2013-08-09 14:53:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-09 14:29:04 ----D---- C:\Program Files\Common Files\InstallShield
2013-08-09 14:18:00 ----D---- C:\WINDOWS\Registration
2013-08-09 14:17:32 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-09 175176]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-09 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-09 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2013-04-15 113608]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2012-05-24 239928]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2011-06-15 90624]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 BrcmMgmtAgent;Broadcom Management Agent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-02 154624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-28 182184]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-08-29 1616048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Last edited by Camron on 07 Sep 2013 21:44, edited 1 time in total.

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus

#14 Post by Rudy »

These tools: http://www.avg.com/cz-cs/utilities should be free. However, to uninstall you must restart into Safe Mode.

Camron
Visitor
Posts: 57
Registered: 06 Sep 2013 20:54

Re: Virus

#15 Post by Camron »

AVG uninstalled, everything done.
I already posted the log in my previous reply (in the edit).
