
Virus on laptop

Posted: 08 Nov 2013 13:16
by David7
Hello, I am asking for help.
Avira reports:
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[DETECTION] Is the TR/Agent.642560.285 Trojan

The system scan was run after reinstalling the laptop and installing programs.
The laptop worked for about a month, then came a black screen and a shutdown. After being switched on, it asked for the installation CD to repair the system. System repair was not possible, hence the reinstall. The same programs as before were installed, so something was most likely pulled in from one of them.

RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alenka at 2013-11-08 13:17:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 125 GB (82%) free of 153 GB
Total RAM: 3036 MB (47% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}]
Zonealarm Helper Object - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll [2013-07-22 302992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
Avira SearchFree Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2013-10-23 12240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - ZoneAlarm Security Toolbar - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll [2013-07-22 289168]
{41564952-412D-5637-00A7-7A786E7484D7} - Avira SearchFree Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2013-10-23 12240]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-03-23 17149952]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-09-30 237568]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304]
"Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2009-02-07 1593344]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-07-27 3054136]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-03-06 424352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2013-10-25 73832]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2013-10-22 2777736]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-10-10 681032]
"ApnTBMon"=C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2013-10-23 1673680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"=C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [2009-03-20 3261688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-11-08 13:17:21 ----D---- C:\Program Files\trend micro
2013-11-08 13:17:18 ----D---- C:\rsit
2013-11-08 00:54:43 ----D---- C:\Users\Alenka\AppData\Roaming\Skype
2013-11-08 00:54:33 ----RD---- C:\Program Files\Skype
2013-11-08 00:54:33 ----D---- C:\Program Files\Common Files\Skype
2013-11-08 00:54:27 ----D---- C:\ProgramData\Skype
2013-11-07 23:50:00 ----D---- C:\Program Files\PDF Architect
2013-11-07 23:49:45 ----D---- C:\Users\Alenka\AppData\Roaming\pdfforge
2013-11-07 23:49:42 ----A---- C:\Windows\system32\pdfcmon.dll
2013-11-07 23:49:40 ----D---- C:\Program Files\PDFCreator
2013-11-07 23:49:40 ----A---- C:\Windows\system32\MSMPIDE.DLL
2013-11-07 23:41:16 ----D---- C:\Users\Alenka\AppData\Roaming\IrfanView
2013-11-07 23:41:16 ----D---- C:\Program Files\IrfanView
2013-11-07 23:36:06 ----D---- C:\Program Files\7-Zip
2013-11-07 23:30:21 ----D---- C:\Program Files\GIMP 2
2013-11-07 23:28:02 ----D---- C:\Users\Alenka\AppData\Roaming\Ashampoo
2013-11-07 23:22:51 ----D---- C:\ProgramData\Ashampoo
2013-11-07 23:22:48 ----D---- C:\Program Files\Ashampoo
2013-11-07 23:21:29 ----D---- C:\Users\Alenka\AppData\Roaming\Mozilla
2013-11-07 23:21:25 ----D---- C:\ProgramData\Mozilla
2013-11-07 23:21:24 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-07 23:10:03 ----D---- C:\Users\Alenka\AppData\Roaming\vlc
2013-11-07 23:09:05 ----D---- C:\Program Files\VideoLAN
2013-11-07 22:57:01 ----D---- C:\Users\Alenka\AppData\Roaming\GHISLER
2013-11-07 22:57:01 ----D---- C:\totalcmd
2013-11-07 22:54:06 ----D---- C:\Program Files\LibreOffice 4
2013-11-07 22:40:27 ----D---- C:\Program Files\Windows Portable Devices
2013-11-07 22:13:46 ----A---- C:\Windows\system32\UIAnimation.dll
2013-11-07 22:13:45 ----A---- C:\Windows\system32\UIRibbonRes.dll
2013-11-07 22:13:45 ----A---- C:\Windows\system32\UIRibbon.dll
2013-11-07 22:09:12 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2013-11-07 22:09:11 ----A---- C:\Windows\system32\wpdbusenum.dll
2013-11-07 22:09:11 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2013-11-07 22:09:09 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\WPDSp.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\wpdshext.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\wpd_ci.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2013-11-07 22:09:07 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2013-11-07 21:51:40 ----A---- C:\Windows\system32\wmi.dll
2013-11-07 21:51:40 ----A---- C:\Windows\system32\imagehlp.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\wininet.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\urlmon.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\msrating.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\msls31.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-07 21:38:40 ----A---- C:\Windows\system32\iertutil.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-11-07 21:38:39 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-07 21:38:39 ----A---- C:\Windows\system32\mshtmler.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\ieui.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\ieframe.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\ieapfltr.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\dxtrans.dll
2013-11-07 21:38:39 ----A---- C:\Windows\system32\dxtmsft.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\wextract.exe
2013-11-07 21:38:38 ----A---- C:\Windows\system32\webcheck.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\vbscript.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\url.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\mshtmled.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\licmgr10.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\inseng.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\iexpress.exe
2013-11-07 21:38:38 ----A---- C:\Windows\system32\iesetup.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\iernonce.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\iedkcs32.dll
2013-11-07 21:38:38 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-07 21:38:38 ----A---- C:\Windows\system32\icardie.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\pngfilt.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\occache.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\mshtml.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\mshta.exe
2013-11-07 21:38:37 ----A---- C:\Windows\system32\msfeedssync.exe
2013-11-07 21:38:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\jscript9.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\jscript.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\imgutil.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\ieUnatt.exe
2013-11-07 21:38:37 ----A---- C:\Windows\system32\iepeers.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\ieakui.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\ieaksie.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\ieakeng.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\advpack.dll
2013-11-07 21:38:37 ----A---- C:\Windows\system32\admparse.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\mfreadwrite.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\mfps.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\mfmp4src.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\MFHEAACdec.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\MFH264Dec.dll
2013-11-07 21:38:00 ----A---- C:\Windows\system32\mf.dll
2013-11-07 21:37:59 ----A---- C:\Windows\system32\stobject.dll
2013-11-07 21:37:59 ----A---- C:\Windows\system32\shdocvw.dll
2013-11-07 21:37:59 ----A---- C:\Windows\system32\mfplat.dll
2013-11-07 21:37:58 ----A---- C:\Windows\system32\XpsRasterService.dll
2013-11-07 21:37:58 ----A---- C:\Windows\system32\d2d1.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2013-11-07 21:37:57 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\OpcServices.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\dxgi.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10warp.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10level9.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10core.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10_1.dll
2013-11-07 21:37:57 ----A---- C:\Windows\system32\d3d10.dll
2013-11-07 21:37:56 ----A---- C:\Windows\system32\xpsservices.dll
2013-11-07 21:37:56 ----A---- C:\Windows\system32\XpsPrint.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\WMPhoto.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\dxdiagn.dll
2013-11-07 21:37:22 ----A---- C:\Windows\system32\dxdiag.exe
2013-11-07 21:37:22 ----A---- C:\Windows\system32\d3d11.dll
2013-11-07 21:23:05 ----A---- C:\Windows\system32\Wdfres.dll
2013-11-07 21:23:03 ----A---- C:\Windows\system32\WUDFSvc.dll
2013-11-07 21:23:03 ----A---- C:\Windows\system32\WUDFPlatform.dll
2013-11-07 21:23:03 ----A---- C:\Windows\system32\winusb.dll
2013-11-07 21:23:00 ----A---- C:\Windows\system32\WUDFx.dll
2013-11-07 21:23:00 ----A---- C:\Windows\system32\WUDFHost.exe
2013-11-07 21:23:00 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2013-11-07 21:07:38 ----A---- C:\Windows\system32\srvsvc.dll
2013-11-07 21:07:37 ----A---- C:\Windows\system32\netevent.dll
2013-11-07 21:07:30 ----A---- C:\Windows\system32\cdd.dll
2013-11-07 21:07:28 ----A---- C:\Windows\system32\psisdecd.dll
2013-11-07 21:07:27 ----A---- C:\Windows\system32\winmm.dll
2013-11-07 21:07:27 ----A---- C:\Windows\system32\mciseq.dll
2013-11-07 21:07:27 ----A---- C:\Windows\system32\icaapi.dll
2013-11-07 21:07:24 ----A---- C:\Windows\system32\localspl.dll
2013-11-07 21:07:01 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-07 21:06:31 ----A---- C:\Windows\system32\synceng.dll
2013-11-07 21:06:30 ----A---- C:\Windows\system32\shell32.dll
2013-11-07 21:06:28 ----A---- C:\Windows\system32\EncDec.dll
2013-11-07 21:06:12 ----A---- C:\Windows\system32\tzres.dll
2013-11-07 21:05:49 ----A---- C:\Windows\system32\dpnsvr.exe
2013-11-07 21:05:49 ----A---- C:\Windows\system32\dpnet.dll
2013-11-07 21:05:47 ----A---- C:\Windows\system32\rpcrt4.dll
2013-11-07 21:05:45 ----A---- C:\Windows\system32\netapi32.dll
2013-11-07 21:05:39 ----A---- C:\Windows\system32\FntCache.dll
2013-11-07 21:05:39 ----A---- C:\Windows\system32\DWrite.dll
2013-11-07 21:05:38 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-11-07 21:05:31 ----A---- C:\Windows\system32\packager.dll
2013-11-07 21:04:47 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-07 21:04:46 ----A---- C:\Windows\system32\kernel32.dll
2013-11-07 21:04:45 ----A---- C:\Windows\system32\msvcrt.dll
2013-11-07 21:04:17 ----A---- C:\Windows\system32\shlwapi.dll
2013-11-07 21:04:16 ----A---- C:\Windows\system32\quartz.dll
2013-11-07 21:04:14 ----A---- C:\Windows\system32\win32spl.dll
2013-11-07 21:04:14 ----A---- C:\Windows\system32\printcom.dll
2013-11-07 21:04:13 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-11-07 21:04:09 ----A---- C:\Windows\system32\certutil.exe
2013-11-07 21:04:08 ----A---- C:\Windows\system32\certenc.dll
2013-11-07 21:04:03 ----A---- C:\Windows\system32\msxml6.dll
2013-11-07 21:03:55 ----A---- C:\Windows\system32\qdvd.dll
2013-11-07 21:03:54 ----A---- C:\Windows\system32\smss.exe
2013-11-07 21:03:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-11-07 21:03:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-11-07 21:03:54 ----A---- C:\Windows\system32\ntdll.dll
2013-11-07 21:03:54 ----A---- C:\Windows\system32\csrsrv.dll
2013-11-07 21:03:51 ----A---- C:\Windows\system32\themeui.dll
2013-11-07 21:03:48 ----A---- C:\Windows\system32\winhttp.dll
2013-11-07 21:03:47 ----A---- C:\Windows\system32\atmlib.dll
2013-11-07 21:03:47 ----A---- C:\Windows\system32\atmfd.dll
2013-11-07 21:03:41 ----A---- C:\Windows\system32\UIAutomationCore.dll
2013-11-07 21:03:41 ----A---- C:\Windows\system32\oleaut32.dll
2013-11-07 21:03:41 ----A---- C:\Windows\system32\oleaccrc.dll
2013-11-07 21:03:41 ----A---- C:\Windows\system32\oleacc.dll
2013-11-07 21:03:35 ----A---- C:\Windows\system32\qedit.dll
2013-11-07 21:03:34 ----A---- C:\Windows\system32\msxml3.dll
2013-11-07 21:03:19 ----A---- C:\Windows\system32\mstscax.dll
2013-11-07 21:03:18 ----A---- C:\Windows\system32\xmllite.dll
2013-11-07 21:03:17 ----A---- C:\Windows\system32\comctl32.dll
2013-11-07 21:03:15 ----A---- C:\Windows\system32\winsrv.dll
2013-11-07 21:03:11 ----A---- C:\Windows\system32\cryptdlg.dll
2013-11-07 21:02:36 ----A---- C:\Windows\system32\schannel.dll
2013-11-07 21:02:36 ----A---- C:\Windows\system32\secur32.dll
2013-11-07 21:02:36 ----A---- C:\Windows\system32\lsass.exe
2013-11-07 21:02:36 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-07 21:02:35 ----A---- C:\Windows\system32\msshsq.dll
2013-11-07 21:02:28 ----A---- C:\Windows\system32\wintrust.dll
2013-11-07 21:02:28 ----A---- C:\Windows\system32\cryptsvc.dll
2013-11-07 21:02:28 ----A---- C:\Windows\system32\cryptnet.dll
2013-11-07 21:02:28 ----A---- C:\Windows\system32\crypt32.dll
2013-11-07 20:44:36 ----A---- C:\Windows\system32\rdpencom.dll
2013-11-07 20:33:31 ----A---- C:\Windows\system32\wups2.dll
2013-11-07 20:33:31 ----A---- C:\Windows\system32\wuauclt.exe
2013-11-07 20:33:30 ----A---- C:\Windows\system32\wucltux.dll
2013-11-07 20:33:30 ----A---- C:\Windows\system32\wuaueng.dll
2013-11-07 20:33:13 ----A---- C:\Windows\system32\wups.dll
2013-11-07 20:33:13 ----A---- C:\Windows\system32\wudriver.dll
2013-11-07 20:33:13 ----A---- C:\Windows\system32\wuapi.dll
2013-11-07 20:33:10 ----A---- C:\Windows\system32\wuwebv.dll
2013-11-07 20:33:10 ----A---- C:\Windows\system32\wuapp.exe
2013-11-07 00:26:25 ----D---- C:\Users\Alenka\AppData\Roaming\Avira
2013-11-07 00:24:04 ----D---- C:\ProgramData\AskPartnerNetwork
2013-11-07 00:24:04 ----D---- C:\Program Files\AskPartnerNetwork
2013-11-07 00:22:40 ----D---- C:\ProgramData\APN
2013-11-07 00:20:03 ----D---- C:\Program Files\Avira
2013-11-06 23:57:00 ----D---- C:\Users\Alenka\AppData\Roaming\Spyware Terminator
2013-11-06 23:57:00 ----D---- C:\ProgramData\Spyware Terminator
2013-11-06 23:56:57 ----D---- C:\Program Files\Spyware Terminator
2013-11-06 23:42:01 ----D---- C:\Program Files\Check Point Software Technologies LTD
2013-11-06 23:42:00 ----D---- C:\Program Files\Mozilla Firefox
2013-11-06 23:37:18 ----D---- C:\Program Files\CheckPoint
2013-11-06 23:36:24 ----D---- C:\ProgramData\CheckPoint
2013-11-06 23:28:39 ----D---- C:\ProgramData\Avira
2013-11-06 23:13:45 ----D---- C:\ProgramData\ASUS
2013-11-06 22:54:57 ----D---- C:\Users\Alenka\AppData\Roaming\CyberLink
2013-11-06 22:54:40 ----D---- C:\ProgramData\LightScribe
2013-11-06 22:43:41 ----A---- C:\Windows\ATKPF.ini
2013-11-06 21:45:45 ----D---- C:\Program Files\CCleaner
2013-11-06 20:52:52 ----D---- C:\Users\Alenka\AppData\Roaming\Adobe
2013-11-06 17:59:28 ----SHD---- C:\System Volume Information
2013-11-06 17:59:02 ----A---- C:\Pass.txt
2013-11-06 16:07:04 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2013-11-06 16:07:04 ----A---- C:\Windows\system32\PresentationHost.exe
2013-11-06 16:07:04 ----A---- C:\Windows\system32\netfxperf.dll
2013-11-06 16:07:04 ----A---- C:\Windows\system32\mscoree.dll
2013-11-06 16:07:04 ----A---- C:\Windows\system32\dfshim.dll
2013-11-06 15:46:23 ----D---- C:\Windows\system32\eu-ES
2013-11-06 15:46:23 ----D---- C:\Windows\system32\ca-ES
2013-11-06 15:46:22 ----D---- C:\Windows\system32\vi-VN
2013-11-06 14:59:22 ----D---- C:\Windows\system32\EventProviders
2013-11-06 12:41:25 ----D---- C:\Windows\system32\WindowsPowerShell
2013-11-06 10:53:40 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2013-11-06 10:53:37 ----A---- C:\Windows\system32\SLsvc.exe
2013-11-06 10:53:37 ----A---- C:\Windows\system32\SLCExt.dll
2013-11-06 10:53:36 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2013-11-06 10:53:36 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2013-11-06 10:53:34 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2013-11-06 10:53:32 ----A---- C:\Windows\system32\mssrch.dll
2013-11-06 10:53:29 ----A---- C:\Windows\system32\tquery.dll
2013-11-06 10:53:28 ----A---- C:\Windows\system32\scavenge.dll
2013-11-06 10:53:28 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2013-11-06 10:53:27 ----A---- C:\Windows\system32\msi.dll
2013-11-06 10:53:26 ----A---- C:\Windows\system32\imapi2fs.dll
2013-11-06 10:53:25 ----A---- C:\Windows\system32\WscEapPr.dll
2013-11-06 10:53:25 ----A---- C:\Windows\system32\wcnwiz2.dll
2013-11-06 10:53:25 ----A---- C:\Windows\system32\sysmain.dll
2013-11-06 10:53:23 ----A---- C:\Windows\system32\icardagt.exe
2013-11-06 10:53:23 ----A---- C:\Windows\system32\EhStorShell.dll
2013-11-06 10:53:23 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2013-11-06 10:53:22 ----A---- C:\Windows\system32\spreview.exe
2013-11-06 10:53:22 ----A---- C:\Windows\system32\spinstall.exe
2013-11-06 10:53:22 ----A---- C:\Windows\system32\drmv2clt.dll
2013-11-06 10:53:21 ----A---- C:\Windows\system32\spwizui.dll
2013-11-06 10:53:21 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-11-06 10:53:19 ----A---- C:\Windows\system32\SearchIndexer.exe
2013-11-06 10:53:19 ----A---- C:\Windows\system32\p2psvc.dll
2013-11-06 10:53:19 ----A---- C:\Windows\system32\mssvp.dll
2013-11-06 10:53:17 ----A---- C:\Windows\system32\mssphtb.dll
2013-11-06 10:53:17 ----A---- C:\Windows\system32\mssph.dll
2013-11-06 10:53:17 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2013-11-06 10:53:17 ----A---- C:\Windows\system32\imapi2.dll
2013-11-06 10:53:16 ----A---- C:\Windows\system32\sdohlp.dll
2013-11-06 10:53:16 ----A---- C:\Windows\system32\IMJP10K.DLL
2013-11-06 10:53:16 ----A---- C:\Windows\system32\esent.dll
2013-11-06 10:53:15 ----A---- C:\Windows\system32\wevtsvc.dll
2013-11-06 10:53:15 ----A---- C:\Windows\system32\sperror.dll
2013-11-06 10:53:15 ----A---- C:\Windows\system32\korwbrkr.dll
2013-11-06 10:53:15 ----A---- C:\Windows\system32\DevicePairing.dll
2013-11-06 10:53:14 ----A---- C:\Windows\system32\SLC.dll
2013-11-06 10:53:13 ----A---- C:\Windows\system32\msjet40.dll
2013-11-06 10:53:12 ----A---- C:\Windows\system32\MPSSVC.dll
2013-11-06 10:53:11 ----A---- C:\Windows\system32\Query.dll
2013-11-06 10:53:11 ----A---- C:\Windows\system32\qmgr.dll
2013-11-06 10:53:10 ----A---- C:\Windows\system32\srchadmin.dll
2013-11-06 10:53:10 ----A---- C:\Windows\system32\P2PGraph.dll
2013-11-06 10:53:10 ----A---- C:\Windows\system32\msexch40.dll
2013-11-06 10:53:10 ----A---- C:\Windows\system32\IasMigReader.exe
2013-11-06 10:53:10 ----A---- C:\Windows\system32\diagperf.dll
2013-11-06 10:53:09 ----A---- C:\Windows\system32\winload.exe
2013-11-06 10:53:09 ----A---- C:\Windows\system32\uDWM.dll
2013-11-06 10:53:09 ----A---- C:\Windows\system32\mmc.exe
2013-11-06 10:53:09 ----A---- C:\Windows\system32\mblctr.exe
2013-11-06 10:53:08 ----A---- C:\Windows\system32\riched20.dll
2013-11-06 10:53:08 ----A---- C:\Windows\system32\RacEngn.dll
2013-11-06 10:53:08 ----A---- C:\Windows\system32\IasMigPlugin.dll
2013-11-06 10:53:08 ----A---- C:\Windows\system32\fdBth.dll
2013-11-06 10:53:08 ----A---- C:\Windows\system32\dfsr.exe
2013-11-06 10:53:05 ----A---- C:\Windows\system32\SearchFilterHost.exe
2013-11-06 10:53:04 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2013-11-06 10:53:02 ----A---- C:\Windows\system32\milcore.dll
2013-11-06 10:53:02 ----A---- C:\Windows\system32\EhStorAPI.dll
2013-11-06 10:53:02 ----A---- C:\Windows\system32\CertEnroll.dll
2013-11-06 10:53:00 ----A---- C:\Windows\system32\spoolss.dll
2013-11-06 10:53:00 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2013-11-06 10:52:59 ----A---- C:\Windows\system32\msvcp60.dll
2013-11-06 10:52:59 ----A---- C:\Windows\system32\msjtes40.dll
2013-11-06 10:52:59 ----A---- C:\Windows\system32\gpedit.dll
2013-11-06 10:52:59 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2013-11-06 10:52:58 ----A---- C:\Windows\system32\WinSAT.exe
2013-11-06 10:52:58 ----A---- C:\Windows\system32\infocardapi.dll
2013-11-06 10:52:57 ----A---- C:\Windows\system32\PresentationSettings.exe
2013-11-06 10:52:57 ----A---- C:\Windows\system32\mstext40.dll
2013-11-06 10:52:57 ----A---- C:\Windows\system32\Magnify.exe
2013-11-06 10:52:57 ----A---- C:\Windows\system32\es.dll
2013-11-06 10:52:57 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2013-11-06 10:52:57 ----A---- C:\Windows\system32\advapi32.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\WebClnt.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\slwmi.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\msxbde40.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\msexcl40.dll
2013-11-06 10:52:55 ----A---- C:\Windows\system32\comsvcs.dll
2013-11-06 10:52:54 ----A---- C:\Windows\system32\vssapi.dll
2013-11-06 10:52:54 ----A---- C:\Windows\system32\authui.dll
2013-11-06 10:52:53 ----A---- C:\Windows\system32\NetProjW.dll
2013-11-06 10:52:52 ----A---- C:\Windows\system32\propsys.dll
2013-11-06 10:52:52 ----A---- C:\Windows\system32\newdev.dll
2013-11-06 10:52:52 ----A---- C:\Windows\system32\msrepl40.dll
2013-11-06 10:52:51 ----A---- C:\Windows\system32\setupapi.dll
2013-11-06 10:52:51 ----A---- C:\Windows\system32\rpcss.dll
2013-11-06 10:52:51 ----A---- C:\Windows\system32\iasrecst.dll
2013-11-06 10:52:51 ----A---- C:\Windows\system32\gpsvc.dll
2013-11-06 10:52:51 ----A---- C:\Windows\system32\eudcedit.exe
2013-11-06 10:52:51 ----A---- C:\Windows\explorer.exe
2013-11-06 10:52:50 ----A---- C:\Windows\system32\mspbde40.dll
2013-11-06 10:52:50 ----A---- C:\Windows\system32\msltus40.dll
2013-11-06 10:52:50 ----A---- C:\Windows\system32\davclnt.dll
2013-11-06 10:52:50 ----A---- C:\Windows\system32\d3d9.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\wevtapi.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\msrd3x40.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\msdtctm.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\EhStorAuthn.dll
2013-11-06 10:52:49 ----A---- C:\Windows\system32\browseui.dll
2013-11-06 10:52:48 ----A---- C:\Windows\system32\photowiz.dll
2013-11-06 10:52:48 ----A---- C:\Windows\system32\nlhtml.dll
2013-11-06 10:52:47 ----A---- C:\Windows\system32\user32.dll
2013-11-06 10:52:45 ----A---- C:\Windows\system32\samsrv.dll
2013-11-06 10:52:45 ----A---- C:\Windows\system32\ci.dll
2013-11-06 10:52:44 ----A---- C:\Windows\system32\WcnNetsh.dll
2013-11-06 10:52:44 ----A---- C:\Windows\system32\SLCommDlg.dll
2013-11-06 10:52:43 ----A---- C:\Windows\system32\netshell.dll
2013-11-06 10:52:43 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-06 10:52:43 ----A---- C:\Windows\system32\compcln.exe
2013-11-06 10:52:43 ----A---- C:\Windows\system32\apds.dll
2013-11-06 10:52:42 ----A---- C:\Windows\system32\xmlfilter.dll
2013-11-06 10:52:42 ----A---- C:\Windows\system32\mswstr10.dll
2013-11-06 10:52:42 ----A---- C:\Windows\system32\audiosrv.dll
2013-11-06 10:52:41 ----A---- C:\Windows\system32\QAGENTRT.DLL
2013-11-06 10:52:41 ----A---- C:\Windows\system32\msctf.dll
2013-11-06 10:52:41 ----A---- C:\Windows\system32\gdi32.dll
2013-11-06 10:52:41 ----A---- C:\Windows\system32\emdmgmt.dll
2013-11-06 10:52:40 ----A---- C:\Windows\system32\VSSVC.exe
2013-11-06 10:52:40 ----A---- C:\Windows\system32\SLUI.exe
2013-11-06 10:52:40 ----A---- C:\Windows\system32\msrd2x40.dll
2013-11-06 10:52:40 ----A---- C:\Windows\system32\eapphost.dll
2013-11-06 10:52:39 ----A---- C:\Windows\system32\winresume.exe
2013-11-06 10:52:39 ----A---- C:\Windows\system32\sqlsrv32.dll
2013-11-06 10:52:39 ----A---- C:\Windows\system32\propdefs.dll
2013-11-06 10:52:38 ----A---- C:\Windows\system32\wevtutil.exe
2013-11-06 10:52:38 ----A---- C:\Windows\system32\mssitlb.dll
2013-11-06 10:52:38 ----A---- C:\Windows\system32\dbgeng.dll
2013-11-06 10:52:35 ----A---- C:\Windows\system32\swprv.dll
2013-11-06 10:52:35 ----A---- C:\Windows\system32\mmcndmgr.dll
2013-11-06 10:52:33 ----A---- C:\Windows\system32\vds.exe
2013-11-06 10:52:32 ----A---- C:\Windows\system32\netlogon.dll
2013-11-06 10:52:32 ----A---- C:\Windows\system32\msctfp.dll
2013-11-06 10:52:32 ----A---- C:\Windows\system32\fdBthProxy.dll
2013-11-06 10:52:32 ----A---- C:\Windows\system32\drvinst.exe
2013-11-06 10:52:32 ----A---- C:\Windows\system32\devmgr.dll
2013-11-06 10:52:31 ----A---- C:\Windows\system32\msscb.dll
2013-11-06 10:52:31 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2013-11-06 10:52:31 ----A---- C:\Windows\system32\BFE.DLL
2013-11-06 10:52:31 ----A---- C:\Windows\system32\autochk.exe
2013-11-06 10:52:31 ----A---- C:\Windows\system32\adsldpc.dll
2013-11-06 10:52:30 ----A---- C:\Windows\system32\wcnwiz.dll
2013-11-06 10:52:30 ----A---- C:\Windows\system32\evr.dll
2013-11-06 10:52:29 ----A---- C:\Windows\system32\Wldap32.dll
2013-11-06 10:52:28 ----A---- C:\Windows\system32\WMVSDECD.DLL
2013-11-06 10:52:26 ----A---- C:\Windows\system32\wercon.exe
2013-11-06 10:52:26 ----A---- C:\Windows\system32\services.exe
2013-11-06 10:52:25 ----A---- C:\Windows\system32\wcncsvc.dll
2013-11-06 10:52:25 ----A---- C:\Windows\system32\mimefilt.dll
2013-11-06 10:52:25 ----A---- C:\Windows\system32\comdlg32.dll
2013-11-06 10:52:25 ----A---- C:\Windows\system32\adtschema.dll
2013-11-06 10:52:24 ----A---- C:\Windows\system32\msdtcprx.dll
2013-11-06 10:52:24 ----A---- C:\Windows\system32\certcli.dll
2013-11-06 10:52:23 ----A---- C:\Windows\system32\rtffilt.dll
2013-11-06 10:52:23 ----A---- C:\Windows\system32\reg.exe
2013-11-06 10:52:23 ----A---- C:\Windows\system32\mswdat10.dll
2013-11-06 10:52:23 ----A---- C:\Windows\system32\msjter40.dll
2013-11-06 10:52:23 ----A---- C:\Windows\system32\ipsmsnap.dll
2013-11-06 10:52:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2013-11-06 10:52:22 ----A---- C:\Windows\system32\w32time.dll
2013-11-06 10:52:22 ----A---- C:\Windows\system32\umpnpmgr.dll
2013-11-06 10:52:22 ----A---- C:\Windows\system32\IPSECSVC.DLL
2013-11-06 10:52:21 ----A---- C:\Windows\system32\rsaenh.dll
2013-11-06 10:52:21 ----A---- C:\Windows\system32\msshooks.dll
2013-11-06 10:52:21 ----A---- C:\Windows\system32\msscntrs.dll
2013-11-06 10:52:21 ----A---- C:\Windows\system32\bthserv.dll
2013-11-06 10:52:21 ----A---- C:\Windows\system32\bcrypt.dll
2013-11-06 10:52:20 ----A---- C:\Windows\system32\TsWpfWrp.exe
2013-11-06 10:52:20 ----A---- C:\Windows\system32\msstrc.dll
2013-11-06 10:52:20 ----A---- C:\Windows\system32\msihnd.dll
2013-11-06 10:52:20 ----A---- C:\Windows\system32\MMDevAPI.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\mtxclu.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\mscories.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\inetpp.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\hidserv.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\fundisc.dll
2013-11-06 10:52:19 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2013-11-06 10:52:18 ----A---- C:\Windows\system32\termsrv.dll
2013-11-06 10:52:18 ----A---- C:\Windows\system32\profsvc.dll
2013-11-06 10:52:14 ----A---- C:\Windows\system32\wdc.dll
2013-11-06 10:52:14 ----A---- C:\Windows\system32\msiexec.exe
2013-11-06 10:52:14 ----A---- C:\Windows\system32\imapi.dll
2013-11-06 10:52:14 ----A---- C:\Windows\system32\chsbrkr.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\scrrun.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\rasmans.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\pnidui.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\icardres.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\iassdo.dll
2013-11-06 10:52:13 ----A---- C:\Windows\system32\autofmt.exe
2013-11-06 10:52:12 ----A---- C:\Windows\system32\wersvc.dll
2013-11-06 10:52:12 ----A---- C:\Windows\system32\slmgr.vbs
2013-11-06 10:52:12 ----A---- C:\Windows\system32\PSHED.DLL
2013-11-06 10:52:12 ----A---- C:\Windows\system32\pdh.dll
2013-11-06 10:52:12 ----A---- C:\Windows\system32\dhcpcsvc.dll
2013-11-06 10:52:12 ----A---- C:\Windows\system32\CertEnrollUI.dll
2013-11-06 10:52:12 ----A---- C:\Windows\system32\azroles.dll
2013-11-06 10:52:11 ----A---- C:\Windows\system32\winlogon.exe
2013-11-06 10:52:11 ----A---- C:\Windows\system32\SyncCenter.dll
2013-11-06 10:52:11 ----A---- C:\Windows\system32\pidgenx.dll
2013-11-06 10:52:10 ----A---- C:\Windows\system32\SLUINotify.dll
2013-11-06 10:52:10 ----A---- C:\Windows\system32\msjetoledb40.dll
2013-11-06 10:52:10 ----A---- C:\Windows\system32\comuid.dll
2013-11-06 10:52:10 ----A---- C:\Windows\system32\certmgr.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\wisptis.exe
2013-11-06 10:52:09 ----A---- C:\Windows\system32\untfs.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\spp.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\sethc.exe
2013-11-06 10:52:09 ----A---- C:\Windows\system32\scrobj.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\kd1394.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\iassam.dll
2013-11-06 10:52:09 ----A---- C:\Windows\system32\dwm.exe
2013-11-06 10:52:08 ----A---- C:\Windows\system32\printui.dll
2013-11-06 10:52:08 ----A---- C:\Windows\system32\iasnap.dll
2013-11-06 10:52:08 ----A---- C:\Windows\system32\autoconv.exe
2013-11-06 10:52:07 ----A---- C:\Windows\system32\onex.dll
2013-11-06 10:52:07 ----A---- C:\Windows\system32\kdcom.dll
2013-11-06 10:52:07 ----A---- C:\Windows\system32\cscript.exe
2013-11-06 10:52:07 ----A---- C:\Windows\system32\basecsp.dll
2013-11-06 10:52:06 ----A---- C:\Windows\system32\wow32.dll
2013-11-06 10:52:06 ----A---- C:\Windows\system32\userenv.dll
2013-11-06 10:52:06 ----A---- C:\Windows\system32\osk.exe
2013-11-06 10:52:06 ----A---- C:\Windows\system32\mswsock.dll
2013-11-06 10:52:06 ----A---- C:\Windows\system32\audiodg.exe
2013-11-06 10:52:05 ----A---- C:\Windows\system32\RelMon.dll
2013-11-06 10:52:05 ----A---- C:\Windows\system32\kdusb.dll
2013-11-06 10:52:04 ----A---- C:\Windows\system32\WinSCard.dll
2013-11-06 10:52:04 ----A---- C:\Windows\system32\WerFaultSecure.exe
2013-11-06 10:52:04 ----A---- C:\Windows\system32\spcmsg.dll
2013-11-06 10:52:04 ----A---- C:\Windows\system32\offfilt.dll
2013-11-06 10:52:04 ----A---- C:\Windows\system32\msftedit.dll
2013-11-06 10:52:02 ----A---- C:\Windows\system32\wsepno.dll
2013-11-06 10:52:02 ----A---- C:\Windows\system32\WerFault.exe
2013-11-06 10:52:02 ----A---- C:\Windows\system32\Utilman.exe
2013-11-06 10:52:02 ----A---- C:\Windows\system32\diskraid.exe
2013-11-06 10:52:01 ----A---- C:\Windows\system32\SndVol.exe
2013-11-06 10:52:01 ----A---- C:\Windows\system32\msnetobj.dll
2013-11-06 10:52:01 ----A---- C:\Windows\system32\mscms.dll
2013-11-06 10:52:01 ----A---- C:\Windows\system32\mcmde.dll
2013-11-06 10:52:01 ----A---- C:\Windows\system32\apphelp.dll
2013-11-06 10:52:01 ----A---- C:\Windows\system32\adsmsext.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\wscript.exe
2013-11-06 10:52:00 ----A---- C:\Windows\system32\wiaservc.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\ulib.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\sysclass.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\prnntfy.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\odbccp32.dll
2013-11-06 10:52:00 ----A---- C:\Windows\system32\iasdatastore.dll
2013-11-06 10:51:59 ----A---- C:\Windows\system32\dsound.dll
2013-11-06 10:51:56 ----A---- C:\Windows\system32\cryptui.dll
2013-11-06 10:51:55 ----A---- C:\Windows\system32\wscntfy.dll
2013-11-06 10:51:55 ----A---- C:\Windows\system32\rastapi.dll
2013-11-06 10:51:55 ----A---- C:\Windows\system32\pnpsetup.dll
2013-11-06 10:51:55 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2013-11-06 10:51:55 ----A---- C:\Windows\system32\fdProxy.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\wscsvc.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\WMVENCOD.DLL
2013-11-06 10:51:54 ----A---- C:\Windows\system32\wlangpui.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\vdsdyn.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\logman.exe
2013-11-06 10:51:54 ----A---- C:\Windows\system32\ipsecsnp.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\iashlpr.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\gpapi.dll
2013-11-06 10:51:54 ----A---- C:\Windows\system32\diskpart.exe
2013-11-06 10:51:54 ----A---- C:\Windows\system32\brcpl.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\zipfldr.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\wusa.exe
2013-11-06 10:51:53 ----A---- C:\Windows\system32\regsvc.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\rasapi32.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\ntprint.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\mscorier.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\iasrad.dll
2013-11-06 10:51:53 ----A---- C:\Windows\system32\findstr.exe
2013-11-06 10:51:52 ----A---- C:\Windows\system32\wshext.dll
2013-11-06 10:51:52 ----A---- C:\Windows\system32\wpccpl.dll
2013-11-06 10:51:52 ----A---- C:\Windows\system32\rasdlg.dll
2013-11-06 10:51:52 ----A---- C:\Windows\system32\netcenter.dll
2013-11-06 10:51:51 ----A---- C:\Windows\system32\wsnmp32.dll
2013-11-06 10:51:51 ----A---- C:\Windows\system32\wer.dll
2013-11-06 10:51:51 ----A---- C:\Windows\system32\themecpl.dll
2013-11-06 10:51:51 ----A---- C:\Windows\system32\iassvcs.dll
2013-11-06 10:51:50 ----A---- C:\Windows\system32\uxsms.dll
2013-11-06 10:51:50 ----A---- C:\Windows\system32\mssprxy.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\slcc.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\scansetting.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\ntmarta.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\msutb.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\mstlsapi.dll
2013-11-06 10:51:49 ----A---- C:\Windows\system32\iasads.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\powrprof.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\powercpl.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\networkmap.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\iasacct.dll
2013-11-06 10:51:48 ----A---- C:\Windows\system32\authz.dll
2013-11-06 10:51:47 ----A---- C:\Windows\system32\systemcpl.dll
2013-11-06 10:51:47 ----A---- C:\Windows\system32\sud.dll
2013-11-06 10:51:47 ----A---- C:\Windows\system32\newdev.exe
2013-11-06 10:51:47 ----A---- C:\Windows\system32\dot3svc.dll
2013-11-06 10:51:47 ----A---- C:\Windows\system32\connect.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\winrsmgr.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\usercpl.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\samlib.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\pcaui.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\mmci.dll
2013-11-06 10:51:46 ----A---- C:\Windows\system32\accessibilitycpl.dll
2013-11-06 10:51:45 ----A---- C:\Windows\system32\wlanpref.dll
2013-11-06 10:51:45 ----A---- C:\Windows\system32\autoplay.dll
2013-11-06 10:51:44 ----A---- C:\Windows\system32\wpcao.dll
2013-11-06 10:51:44 ----A---- C:\Windows\system32\rpchttp.dll
2013-11-06 10:51:44 ----A---- C:\Windows\system32\regapi.dll
2013-11-06 10:51:44 ----A---- C:\Windows\system32\msinfo32.exe
2013-11-06 10:51:43 ----A---- C:\Windows\system32\vdsutil.dll
2013-11-06 10:51:43 ----A---- C:\Windows\system32\tapisrv.dll
2013-11-06 10:51:43 ----A---- C:\Windows\system32\scksp.dll
2013-11-06 10:51:43 ----A---- C:\Windows\system32\scesrv.dll
2013-11-06 10:51:43 ----A---- C:\Windows\system32\mpr.dll
2013-11-06 10:51:43 ----A---- C:\Windows\system32\feclient.dll
2013-11-06 10:51:42 ----A---- C:\Windows\system32\oleprn.dll
2013-11-06 10:51:42 ----A---- C:\Windows\system32\imm32.dll
2013-11-06 10:51:42 ----A---- C:\Windows\system32\dot3msm.dll
2013-11-06 10:51:42 ----A---- C:\Windows\system32\AudioSes.dll
2013-11-06 10:51:41 ----A---- C:\Windows\system32\wscisvif.dll
2013-11-06 10:51:41 ----A---- C:\Windows\system32\rekeywiz.exe
2013-11-06 10:51:41 ----A---- C:\Windows\system32\ncryptui.dll
2013-11-06 10:51:41 ----A---- C:\Windows\system32\iaspolcy.dll
2013-11-06 10:51:41 ----A---- C:\Windows\system32\Faultrep.dll
2013-11-06 10:51:41 ----A---- C:\Windows\system32\dpapimig.exe
2013-11-06 10:51:41 ----A---- C:\Windows\system32\DeviceEject.exe
2013-11-06 10:51:40 ----A---- C:\Windows\system32\TSTheme.exe
2013-11-06 10:51:40 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\scecli.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\rasplap.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\rasgcw.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\pnpui.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\perfdisk.dll
2013-11-06 10:51:40 ----A---- C:\Windows\system32\hdwwiz.exe
2013-11-06 10:51:40 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-06 10:51:40 ----A---- C:\Windows\system32\certreq.exe
2013-11-06 10:51:39 ----A---- C:\Windows\system32\wsmprovhost.exe
2013-11-06 10:51:39 ----A---- C:\Windows\system32\winrshost.exe
2013-11-06 10:51:39 ----A---- C:\Windows\system32\winrs.exe
2013-11-06 10:51:39 ----A---- C:\Windows\system32\whealogr.dll
2013-11-06 10:51:39 ----A---- C:\Windows\system32\tcpmon.dll
2013-11-06 10:51:39 ----A---- C:\Windows\system32\tcpipcfg.dll
2013-11-06 10:51:39 ----A---- C:\Windows\system32\spwinsat.dll
2013-11-06 10:51:39 ----A---- C:\Windows\system32\PnPUnattend.exe
2013-11-06 10:51:39 ----A---- C:\Windows\system32\fdWSD.dll
2013-11-06 10:51:39 ----A---- C:\Windows\system32\cmmon32.exe
2013-11-06 10:51:38 ----A---- C:\Windows\system32\wsmplpxy.dll
2013-11-06 10:51:38 ----A---- C:\Windows\system32\winrssrv.dll
2013-11-06 10:51:38 ----A---- C:\Windows\system32\srcore.dll
2013-11-06 10:51:38 ----A---- C:\Windows\system32\cmdial32.dll
2013-11-06 10:51:37 ----A---- C:\Windows\system32\conime.exe
2013-11-06 10:51:36 ----A---- C:\Windows\system32\WsmRes.dll
2013-11-06 10:51:36 ----A---- C:\Windows\system32\wevtfwd.dll
2013-11-06 10:51:36 ----A---- C:\Windows\system32\wecutil.exe
2013-11-06 10:51:36 ----A---- C:\Windows\system32\wecsvc.dll
2013-11-06 10:51:36 ----A---- C:\Windows\system32\wecapi.dll
2013-11-06 10:51:36 ----A---- C:\Windows\system32\SCardSvr.dll
2013-11-06 10:51:36 ----A---- C:\Windows\system32\pwrshplugin.dll
2013-11-06 10:51:35 ----A---- C:\Windows\system32\SnippingTool.exe
2013-11-06 10:51:35 ----A---- C:\Windows\system32\raschap.dll
2013-11-06 10:51:35 ----A---- C:\Windows\system32\MSVidCtl.dll
2013-11-06 10:51:35 ----A---- C:\Windows\system32\fontext.dll
2013-11-06 10:51:34 ----A---- C:\Windows\system32\wiaaut.dll
2013-11-06 10:51:33 ----A---- C:\Windows\system32\WMVXENCD.DLL
2013-11-06 10:51:33 ----A---- C:\Windows\system32\wlanui.dll
2013-11-06 10:51:33 ----A---- C:\Windows\system32\winrm.vbs
2013-11-06 10:51:33 ----A---- C:\Windows\system32\shwebsvc.dll
2013-11-06 10:51:33 ----A---- C:\Windows\system32\rasppp.dll
2013-11-06 10:51:33 ----A---- C:\Windows\system32\PnPutil.exe
2013-11-06 10:51:33 ----A---- C:\Windows\system32\dsprop.dll
2013-11-06 10:51:33 ----A---- C:\Windows\system32\dimsroam.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\WsmWmiPl.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\WsmAuto.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2013-11-06 10:51:32 ----A---- C:\Windows\system32\winrscmd.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\shsetup.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\rasmontr.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\oobefldr.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\mscandui.dll
2013-11-06 10:51:32 ----A---- C:\Windows\system32\modemui.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\WsmSvc.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\wmdrmsdk.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\wlgpclnt.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\rdpwsx.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\chtbrkr.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\dataclen.dll
2013-11-06 10:51:31 ----A---- C:\Windows\system32\blackbox.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\WSDMon.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\wmpeffects.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\networkexplorer.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\netplwiz.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\credui.dll
2013-11-06 10:51:30 ----A---- C:\Windows\system32\certprop.dll
2013-11-06 10:51:29 ----A---- C:\Windows\system32\wpcsvc.dll
2013-11-06 10:51:29 ----A---- C:\Windows\system32\msscp.dll
2013-11-06 10:51:29 ----A---- C:\Windows\system32\logagent.exe
2013-11-06 10:51:29 ----A---- C:\Windows\system32\InkEd.dll
2013-11-06 10:51:29 ----A---- C:\Windows\system32\ifmon.dll
2013-11-06 10:51:29 ----A---- C:\Windows\system32\gpresult.exe
2013-11-06 10:51:29 ----A---- C:\Windows\system32\cipher.exe
2013-11-06 10:51:28 ----A---- C:\Windows\system32\wscapi.dll
2013-11-06 10:51:28 ----A---- C:\Windows\system32\thawbrkr.dll
2013-11-06 10:51:28 ----A---- C:\Windows\system32\softkbd.dll
2013-11-06 10:51:28 ----A---- C:\Windows\system32\sendmail.dll
2013-11-06 10:51:28 ----A---- C:\Windows\system32\msimtf.dll
2013-11-06 10:51:27 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2013-11-06 10:51:26 ----A---- C:\Windows\system32\puiapi.dll
2013-11-06 10:51:26 ----A---- C:\Windows\system32\olepro32.dll
2013-11-06 10:51:26 ----A---- C:\Windows\system32\msctfui.dll
2013-11-06 10:51:26 ----A---- C:\Windows\system32\drmmgrtn.dll
2013-11-06 10:51:26 ----A---- C:\Windows\system32\dmsynth.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\wshbth.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\version.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\SLLUA.exe
2013-11-06 10:51:25 ----A---- C:\Windows\system32\msisip.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\mprapi.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\input.dll
2013-11-06 10:51:25 ----A---- C:\Windows\system32\fc.exe
2013-11-06 10:51:25 ----A---- C:\Windows\system32\ExplorerFrame.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\msjint40.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\l2nacp.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\ftp.exe
2013-11-06 10:51:24 ----A---- C:\Windows\system32\fdSSDP.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\eapp3hst.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\dmusic.dll
2013-11-06 10:51:24 ----A---- C:\Windows\system32\cscapi.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\wsdchngr.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\Storprop.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\SMBHelperClass.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\rasdial.exe
2013-11-06 10:51:23 ----A---- C:\Windows\system32\rasdiag.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\fdWCN.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\dot3cfg.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\cscdll.dll
2013-11-06 10:51:23 ----A---- C:\Windows\system32\bthudtask.exe
2013-11-06 10:51:23 ----A---- C:\Windows\system32\bthci.dll
2013-11-06 10:51:22 ----A---- C:\Windows\system32\slcinst.dll
2013-11-06 10:51:22 ----A---- C:\Windows\system32\nslookup.exe
2013-11-06 10:51:22 ----A---- C:\Windows\system32\networkitemfactory.dll
2013-11-06 10:51:22 ----A---- C:\Windows\system32\ipconfig.exe
2013-11-06 10:51:22 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2013-11-06 10:51:22 ----A---- C:\Windows\system32\eappcfg.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\PNPXAssoc.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\ocsetup.exe
2013-11-06 10:51:21 ----A---- C:\Windows\system32\mmcico.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\hbaapi.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\fdeploy.dll
2013-11-06 10:51:21 ----A---- C:\Windows\system32\eappgnui.dll
2013-11-06 10:51:20 ----A---- C:\Windows\system32\iscsilog.dll
2013-11-06 10:51:20 ----A---- C:\Windows\system32\gpupdate.exe
2013-11-06 10:51:20 ----A---- C:\Windows\system32\csrstub.exe
2013-11-06 10:51:20 ----A---- C:\Windows\system32\cbsra.exe
2013-11-06 10:51:20 ----A---- C:\Windows\system32\bitsigd.dll
2013-11-06 10:51:19 ----A---- C:\Windows\system32\vdmdbg.dll
2013-11-06 10:51:19 ----A---- C:\Windows\system32\slwga.dll
2013-11-06 10:51:19 ----A---- C:\Windows\system32\odbcconf.dll
2013-11-06 10:51:19 ----A---- C:\Windows\system32\NcdProp.dll
2013-11-06 10:51:19 ----A---- C:\Windows\system32\inetppui.dll
2013-11-06 10:51:18 ----A---- C:\Windows\system32\winrnr.dll
2013-11-06 10:51:18 ----A---- C:\Windows\system32\midimap.dll
2013-11-06 10:51:15 ----A---- C:\Windows\system32\msimsg.dll
2013-11-06 10:51:15 ----A---- C:\Windows\system32\f3ahvoas.dll
2013-11-06 10:50:32 ----A---- C:\Windows\system32\SmiEngine.dll
2013-11-06 10:50:21 ----A---- C:\Windows\system32\wdscore.dll
2013-11-06 10:50:21 ----A---- C:\Windows\system32\PkgMgr.exe
2013-11-06 10:49:48 ----A---- C:\Windows\system32\drvstore.dll
2013-11-06 10:44:47 ----A---- C:\Windows\system32\shsvcs.dll
2013-11-06 10:44:32 ----A---- C:\Windows\system32\wmp.dll
2013-11-06 10:44:29 ----A---- C:\Windows\system32\wmploc.DLL
2013-11-06 10:44:29 ----A---- C:\Windows\system32\spwmp.dll
2013-11-06 10:44:29 ----A---- C:\Windows\system32\dxmasf.dll
2013-11-06 10:44:16 ----A---- C:\Windows\system32\odbc32.dll
2013-11-06 10:44:13 ----A---- C:\Windows\system32\wlansvc.dll
2013-11-06 10:44:13 ----A---- C:\Windows\system32\wlanmsm.dll
2013-11-06 10:44:13 ----A---- C:\Windows\system32\wlanhlp.dll
2013-11-06 10:44:12 ----A---- C:\Windows\system32\wlansec.dll
2013-11-06 10:44:12 ----A---- C:\Windows\system32\wlanapi.dll
2013-11-06 10:44:12 ----A---- C:\Windows\system32\L2SecHC.dll
2013-11-06 10:44:02 ----A---- C:\Windows\system32\netiohlp.dll
2013-11-06 10:44:01 ----A---- C:\Windows\system32\TCPSVCS.EXE
2013-11-06 10:44:01 ----A---- C:\Windows\system32\ROUTE.EXE
2013-11-06 10:44:01 ----A---- C:\Windows\system32\NETSTAT.EXE
2013-11-06 10:44:01 ----A---- C:\Windows\system32\MRINFO.EXE
2013-11-06 10:44:01 ----A---- C:\Windows\system32\HOSTNAME.EXE
2013-11-06 10:44:01 ----A---- C:\Windows\system32\finger.exe
2013-11-06 10:44:01 ----A---- C:\Windows\system32\ARP.EXE
2013-11-06 10:43:43 ----A---- C:\Windows\system32\WMVCORE.DLL
2013-11-06 10:43:41 ----A---- C:\Windows\system32\rrinstaller.exe
2013-11-06 10:43:41 ----A---- C:\Windows\system32\mfpmp.exe
2013-11-06 10:43:41 ----A---- C:\Windows\system32\mferror.dll
2013-11-06 10:43:39 ----A---- C:\Windows\system32\msv1_0.dll
2013-11-06 10:43:37 ----A---- C:\Windows\system32\mfc40u.dll
2013-11-06 10:43:37 ----A---- C:\Windows\system32\mfc40.dll
2013-11-06 10:43:25 ----A---- C:\Windows\system32\iccvid.dll
2013-11-06 10:43:23 ----A---- C:\Windows\system32\usp10.dll
2013-11-06 10:43:22 ----A---- C:\Windows\system32\lpk.dll
2013-11-06 10:43:22 ----A---- C:\Windows\system32\fontsub.dll
2013-11-06 10:43:22 ----A---- C:\Windows\system32\dciman32.dll
2013-11-06 10:43:21 ----A---- C:\Windows\system32\ole32.dll
2013-11-06 10:43:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2013-11-06 10:43:13 ----A---- C:\Windows\system32\dnscacheugc.exe
2013-11-06 10:43:13 ----A---- C:\Windows\system32\dnsapi.dll
2013-11-06 10:43:12 ----A---- C:\Windows\system32\spoolsv.exe
2013-11-06 10:43:09 ----A---- C:\Windows\system32\t2embed.dll
2013-11-06 10:43:08 ----A---- C:\Windows\system32\mfc42u.dll
2013-11-06 10:43:08 ----A---- C:\Windows\system32\mfc42.dll
2013-11-06 10:43:07 ----A---- C:\Windows\system32\sdclt.exe
2013-11-06 10:43:05 ----A---- C:\Windows\system32\atl.dll
2013-11-06 10:43:05 ----A---- C:\Windows\system32\asycfilt.dll
2013-11-06 10:42:45 ----A---- C:\Windows\system32\wkssvc.dll
2013-11-06 10:42:35 ----A---- C:\Windows\system32\rtutils.dll
2013-11-06 10:42:34 ----A---- C:\Windows\system32\MP4SDECD.DLL
2013-11-06 10:40:48 ----A---- C:\Windows\system32\secproc_isv.dll
2013-11-06 10:40:48 ----A---- C:\Windows\system32\secproc.dll
2013-11-06 10:40:48 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2013-11-06 10:40:48 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2013-11-06 10:40:48 ----A---- C:\Windows\system32\RMActivate_isv.exe
2013-11-06 10:40:48 ----A---- C:\Windows\system32\RMActivate.exe
2013-11-06 10:40:47 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2013-11-06 10:40:47 ----A---- C:\Windows\system32\secproc_ssp.dll
2013-11-06 10:40:47 ----A---- C:\Windows\system32\msdrm.dll
2013-11-06 10:40:43 ----A---- C:\Windows\system32\gameux.dll
2013-11-06 10:40:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2013-11-06 10:40:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2013-11-06 10:39:50 ----A---- C:\Windows\system32\tsgqec.dll
2013-11-06 10:39:50 ----A---- C:\Windows\system32\tscupgrd.exe
2013-11-06 10:39:50 ----A---- C:\Windows\system32\mstsc.exe
2013-11-06 10:39:50 ----A---- C:\Windows\system32\aaclient.dll
2013-11-06 10:39:48 ----A---- C:\Windows\system32\wdigest.dll
2013-11-06 10:39:48 ----A---- C:\Windows\system32\kerberos.dll
2013-11-06 10:38:44 ----A---- C:\Windows\system32\iphlpsvc.dll
2013-11-06 10:38:06 ----A---- C:\Windows\system32\unregmp2.exe
2013-11-06 10:36:46 ----A---- C:\Windows\system32\wmpdxm.dll
2013-11-06 10:35:48 ----A---- C:\Windows\system32\taskschd.dll
2013-11-06 10:35:48 ----A---- C:\Windows\system32\schedsvc.dll
2013-11-06 10:35:47 ----A---- C:\Windows\system32\wmicmiplugin.dll
2013-11-06 10:35:47 ----A---- C:\Windows\system32\taskeng.exe
2013-11-06 10:35:47 ----A---- C:\Windows\system32\taskcomp.dll
2013-11-06 10:32:43 ----A---- C:\Windows\system32\tsbyuv.dll
2013-11-06 10:32:43 ----A---- C:\Windows\system32\msyuv.dll
2013-11-06 10:32:43 ----A---- C:\Windows\system32\msvidc32.dll
2013-11-06 10:32:43 ----A---- C:\Windows\system32\msrle32.dll
2013-11-06 10:32:42 ----A---- C:\Windows\system32\msvfw32.dll
2013-11-06 10:32:42 ----A---- C:\Windows\system32\mciavi32.dll
2013-11-06 10:32:42 ----A---- C:\Windows\system32\iyuv_32.dll
2013-11-06 10:32:42 ----A---- C:\Windows\system32\avifil32.dll
2013-11-06 10:30:12 ----A---- C:\Windows\system32\wmpmde.dll
2013-11-06 10:30:11 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2013-11-06 10:30:10 ----A---- C:\Windows\system32\WSDApi.dll
2013-11-06 10:30:06 ----A---- C:\Windows\system32\sbeio.dll
2013-11-06 10:30:06 ----A---- C:\Windows\system32\sbe.dll
2013-11-06 10:30:00 ----A---- C:\Windows\system32\consent.exe
2013-11-06 10:29:59 ----A---- C:\Windows\system32\inetcomm.dll
2013-11-06 10:29:57 ----A---- C:\Windows\system32\msasn1.dll
2013-11-06 10:29:34 ----A---- C:\Windows\system32\rastls.dll
2013-11-06 10:08:13 ----D---- C:\Windows\system32\MRT
2013-11-06 10:07:48 ----A---- C:\Windows\system32\browserchoice.exe
2013-11-06 10:07:12 ----A---- C:\Windows\system32\nshhttp.dll
2013-11-06 10:07:10 ----A---- C:\Windows\system32\httpapi.dll
2013-11-06 10:01:25 ----N---- C:\Windows\system32\MpSigStub.exe
2013-11-06 09:57:15 ----A---- C:\Windows\system32\cabview.dll
2013-11-06 09:48:41 ----A---- C:\Windows\system32\agremove.exe
2013-11-06 08:38:25 ----D---- C:\Users\Alenka\AppData\Roaming\Macromedia
2013-11-06 08:38:02 ----D---- C:\Users\Alenka\AppData\Roaming\Identities
2013-11-06 08:34:28 ----DC---- C:\Windows\system32\DRVSTORE
2013-11-06 08:33:41 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-11-06 08:31:34 ----D---- C:\Program Files\Common Files\Windows Live
2013-11-06 08:29:51 ----D---- C:\Program Files\Adobe
2013-11-06 08:27:24 ----SD---- C:\Users\Alenka\AppData\Roaming\Microsoft
2013-11-06 08:27:24 ----D---- C:\Users\Alenka\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2013-11-08 13:17:21 ----RD---- C:\Program Files
2013-11-08 13:17:15 ----D---- C:\Windows\Temp
2013-11-08 13:09:46 ----D---- C:\Windows\winsxs
2013-11-08 12:31:49 ----D---- C:\Windows\System32
2013-11-08 12:31:49 ----D---- C:\Windows\inf
2013-11-08 12:31:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-08 12:30:01 ----D---- C:\Windows\rescache
2013-11-08 09:17:35 ----D---- C:\Windows\Panther
2013-11-08 09:17:31 ----D---- C:\Windows\Logs
2013-11-08 09:17:31 ----D---- C:\Windows
2013-11-08 08:36:13 ----D---- C:\Windows\Microsoft.NET
2013-11-08 08:36:12 ----RSD---- C:\Windows\assembly
2013-11-08 08:30:05 ----D---- C:\Windows\system32\WDI
2013-11-08 00:54:42 ----SHD---- C:\Windows\Installer
2013-11-08 00:54:33 ----D---- C:\Program Files\Common Files
2013-11-08 00:54:27 ----HD---- C:\ProgramData
2013-11-08 00:49:31 ----D---- C:\Windows\system32\catroot
2013-11-08 00:49:20 ----D---- C:\Windows\system32\catroot2
2013-11-08 00:43:24 ----D---- C:\Windows\system32\el-GR
2013-11-07 22:54:23 ----RSD---- C:\Windows\Fonts
2013-11-07 22:45:26 ----D---- C:\Windows\system32\Tasks
2013-11-07 22:40:38 ----D---- C:\Windows\system32\sk-SK
2013-11-07 22:40:38 ----D---- C:\Windows\system32\ro-RO
2013-11-07 22:40:38 ----D---- C:\Windows\system32\en-US
2013-11-07 22:40:38 ----D---- C:\Windows\system32\cs-CZ
2013-11-07 22:40:36 ----D---- C:\Windows\system32\drivers
2013-11-07 22:40:35 ----D---- C:\Windows\AppPatch
2013-11-07 22:40:35 ----D---- C:\Program Files\Internet Explorer
2013-11-07 22:40:25 ----D---- C:\Windows\system32\wbem
2013-11-07 22:40:22 ----D---- C:\Windows\system32\zh-TW
2013-11-07 22:40:22 ----D---- C:\Windows\system32\uk-UA
2013-11-07 22:40:22 ----D---- C:\Windows\system32\tr-TR
2013-11-07 22:40:22 ----D---- C:\Windows\system32\th-TH
2013-11-07 22:40:22 ----D---- C:\Windows\system32\sv-SE
2013-11-07 22:40:22 ----D---- C:\Windows\system32\sr-Latn-CS
2013-11-07 22:40:22 ----D---- C:\Windows\system32\sl-SI
2013-11-07 22:40:22 ----D---- C:\Windows\system32\pt-PT
2013-11-07 22:40:22 ----D---- C:\Windows\system32\pt-BR
2013-11-07 22:40:22 ----D---- C:\Windows\system32\pl-PL
2013-11-07 22:40:22 ----D---- C:\Windows\system32\nl-NL
2013-11-07 22:40:22 ----D---- C:\Windows\system32\nb-NO
2013-11-07 22:40:22 ----D---- C:\Windows\system32\lv-LV
2013-11-07 22:40:22 ----D---- C:\Windows\system32\lt-LT
2013-11-07 22:40:22 ----D---- C:\Windows\system32\ko-KR
2013-11-07 22:40:22 ----D---- C:\Windows\system32\ja-JP
2013-11-07 22:40:22 ----D---- C:\Windows\system32\it-IT
2013-11-07 22:40:22 ----D---- C:\Windows\system32\hu-HU
2013-11-07 22:40:22 ----D---- C:\Windows\system32\hr-HR
2013-11-07 22:40:22 ----D---- C:\Windows\system32\he-IL
2013-11-07 22:40:22 ----D---- C:\Windows\system32\fr-FR
2013-11-07 22:40:22 ----D---- C:\Windows\system32\fi-FI
2013-11-07 22:40:22 ----D---- C:\Windows\system32\et-EE
2013-11-07 22:40:22 ----D---- C:\Windows\system32\es-ES
2013-11-07 22:40:22 ----D---- C:\Windows\system32\de-DE
2013-11-07 22:40:22 ----D---- C:\Windows\system32\da-DK
2013-11-07 22:40:22 ----D---- C:\Windows\system32\bg-BG
2013-11-07 22:40:22 ----D---- C:\Windows\system32\ar-SA
2013-11-07 22:40:21 ----D---- C:\Windows\system32\zh-HK
2013-11-07 22:40:21 ----D---- C:\Windows\system32\zh-CN
2013-11-07 22:40:21 ----D---- C:\Windows\system32\ru-RU
2013-11-07 22:39:56 ----RD---- C:\Windows\Offline Web Pages
2013-11-07 22:39:56 ----D---- C:\Windows\system32\migration
2013-11-07 22:39:56 ----D---- C:\Windows\PolicyDefinitions
2013-11-07 22:39:48 ----SD---- C:\Windows\Downloaded Program Files
2013-11-07 22:39:37 ----D---- C:\Windows\system32\XPSViewer
2013-11-07 22:39:37 ----D---- C:\Windows\ehome
2013-11-07 22:39:35 ----D---- C:\Program Files\Windows Mail
2013-11-07 22:39:24 ----D---- C:\Program Files\Common Files\System
2013-11-07 22:39:14 ----D---- C:\Program Files\Windows Journal
2013-11-07 20:33:15 ----D---- C:\Windows\Prefetch
2013-11-06 23:51:19 ----D---- C:\Program Files\Google
2013-11-06 23:51:01 ----D---- C:\Windows\Tasks
2013-11-06 23:42:06 ----SD---- C:\ProgramData\Microsoft
2013-11-06 23:02:38 ----D---- C:\Windows\system32\Asus_Camera_ScreenSaver dir
2013-11-06 22:59:50 ----D---- C:\Program Files\ASUS
2013-11-06 22:56:02 ----D---- C:\Program Files\CyberLink
2013-11-06 22:55:20 ----HD---- C:\Program Files\InstallShield Installation Information
2013-11-06 22:48:25 ----D---- C:\Program Files\Common Files\microsoft shared
2013-11-06 22:33:15 ----D---- C:\Program Files\Common Files\PX Storage Engine
2013-11-06 22:22:43 ----A---- C:\Windows\system32\acovcnt.exe
2013-11-06 22:14:02 ----D---- C:\ProgramData\Norton
2013-11-06 21:53:37 ----D---- C:\ProgramData\Microsoft Help
2013-11-06 21:53:23 ----D---- C:\Program Files\Microsoft.NET
2013-11-06 21:53:18 ----D---- C:\Windows\ShellNew
2013-11-06 21:49:06 ----A---- C:\Windows\win.ini
2013-11-06 21:46:37 ----D---- C:\Windows\Debug
2013-11-06 20:59:42 ----D---- C:\Windows\system32\NDF
2013-11-06 15:54:42 ----SHD---- C:\Boot
2013-11-06 15:48:11 ----D---- C:\Program Files\Windows Calendar
2013-11-06 15:48:11 ----D---- C:\Program Files\Movie Maker
2013-11-06 15:48:09 ----D---- C:\Program Files\Windows Sidebar
2013-11-06 15:48:08 ----D---- C:\Program Files\Windows Media Player
2013-11-06 15:48:07 ----D---- C:\Program Files\Windows Photo Gallery
2013-11-06 15:48:07 ----D---- C:\Program Files\Windows Collaboration
2013-11-06 15:47:58 ----D---- C:\Windows\servicing
2013-11-06 15:47:58 ----D---- C:\Program Files\Windows Defender
2013-11-06 15:47:38 ----D---- C:\Windows\IME
2013-11-06 15:47:27 ----D---- C:\Windows\system32\oobe
2013-11-06 15:47:23 ----D---- C:\Windows\system32\setup
2013-11-06 15:47:23 ----D---- C:\Windows\system32\cs
2013-11-06 15:47:23 ----D---- C:\Windows\system32\AdvancedInstallers
2013-11-06 15:47:20 ----D---- C:\Windows\system32\SLUI
2013-11-06 15:47:19 ----D---- C:\Windows\system32\en
2013-11-06 15:47:18 ----D---- C:\Windows\system32\manifeststore
2013-11-06 15:47:11 ----D---- C:\Windows\system32\migwiz
2013-11-06 15:46:22 ----D---- C:\Windows\system32\Boot
2013-11-06 09:56:46 ----D---- C:\Windows\SoftwareDistribution
2013-11-06 08:38:19 ----SHD---- C:\$RECYCLE.BIN
2013-11-06 08:30:10 ----D---- C:\ProgramData\Adobe
2013-11-06 08:29:56 ----D---- C:\Program Files\Common Files\Adobe
2013-11-06 08:27:24 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2013-10-10 137208]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-10-10 37352]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2013-10-10 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2013-06-13 452120]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2013-10-10 89376]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-10-10 440392]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-10-10 440392]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-10 1164360]
R2 APNMCP;Ask Update Service; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-10-23 166352]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2013-10-22 587912]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2013-10-25 2445816]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-06 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-26 119408]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

-----------------EOF-----------------

Re: virus on the notebook

Posted: 08 Nov 2013 18:19
by Rudy
Hello!
First, try testing the file C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe online at www.virustotal.com. Report the result.

Re: virus on the notebook

Posted: 08 Nov 2013 21:54
by David7
ANALYSIS
SHA256: 2d2651b13451c5c4a8518d05e008226382cbb367d5aab417637a47db0e4aa229
SHA1: a9e15cf39619faa1804b71dc111c0ad5f7c33ba9
MD5: a07584d982c7cff303eba84a1ad17252
File size: 627.5 KB ( 642560 bytes )
File name: autochk.exe
File type: Win32 EXE
Detection ratio: 25 / 47
Analysis date: 2013-11-08 20:40:00 UTC ( 0 minut ago )

FILE DETAIL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-01 19:50:33
Link date 8:50 PM 4/1/2008
Entry Point 0x000016CE
Number of sections 4
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 2510 2560 6.08 f79fa0ab6012b0cfd746ed67fad8d973
.cdata 8192 17408 17408 6.01 47e9891857e39bad056e14461de82289
.mdata 28672 768 1024 1.92 8b50b3fcd1631955ab9eaa6e7d218145
.reloc 32768 96 512 1.50 87d172432d9bd3f5d77c15a1143104ee

ADDITIONAL INFORMATION
File identification
MD5 a07584d982c7cff303eba84a1ad17252
SHA1 a9e15cf39619faa1804b71dc111c0ad5f7c33ba9
SHA256 2d2651b13451c5c4a8518d05e008226382cbb367d5aab417637a47db0e4aa229
ssdeep 12288:cWVDqlaA/v5Lze6Z02L7lN2/07qCAEC6+sPZ/AhFN:cWVDq1X5HL22W/8qCvX+sah3
File size 627.5 KB ( 642560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
VirusTotal metadata
First submission 2012-10-14 20:22:58 UTC ( 1 rok ago )
Last submission 2013-11-08 20:40:00 UTC ( 9 minut ago )
File names autochk.exe
autochk.exe
autochk.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight



A screenshot is attached.

Re: virus on the notebook

Posted: 08 Nov 2013 22:25
by Rudy
OK. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes ("Ano") button.

go and make yourself a coffee in peace (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)

note: if you use anti-spyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the deletion of any malware lead to unwanted conflicts with the resident anti-spyware.

Re: virus on the notebook

Posted: 08 Nov 2013 22:59
by David7
ComboFix 13-11-07.01 - Alenka 08.11.2013 22:46:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1184 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Alenka\AppData\Local\uninstall.tmp
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-08 do 2013-11-08 )))))))))))))))))))))))))))))))
.
.
2013-11-08 21:53 . 2013-11-08 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- c:\program files\trend micro
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- C:\rsit
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\program files\Common Files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----r- c:\program files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\programdata\Skype
2013-11-07 22:50 . 2013-11-07 22:50 -------- d-----w- c:\program files\PDF Architect
2013-11-07 22:49 . 2013-04-09 14:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2013-11-07 22:49 . 2013-01-09 14:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-11-07 22:49 . 2012-05-05 10:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-11-07 22:49 . 2012-05-05 10:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-11-07 22:49 . 2013-11-08 08:17 -------- d-----w- c:\program files\PDFCreator
2013-11-07 22:49 . 2012-05-05 10:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-11-07 22:41 . 2013-11-07 22:45 -------- d-----w- c:\program files\IrfanView
2013-11-07 22:36 . 2013-11-07 22:37 -------- d-----w- c:\program files\7-Zip
2013-11-07 22:30 . 2013-11-07 22:32 -------- d-----w- c:\program files\GIMP 2
2013-11-07 22:22 . 2013-11-07 22:27 -------- d-----w- c:\programdata\Ashampoo
2013-11-07 22:22 . 2013-11-07 22:22 -------- d-----w- c:\program files\Ashampoo
2013-11-07 22:21 . 2013-11-07 22:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-11-07 22:09 . 2013-11-07 22:09 -------- d-----w- c:\program files\VideoLAN
2013-11-07 21:57 . 2013-11-07 21:58 -------- d-----w- C:\totalcmd
2013-11-07 21:54 . 2013-11-07 21:54 -------- d-----w- c:\program files\LibreOffice 4
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\program files\Windows Portable Devices
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF\sk-SK
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF\ro-RO
2013-11-07 21:26 . 2013-09-23 20:01 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-11-07 21:13 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-11-07 21:13 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-11-07 21:13 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-11-07 21:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2013-11-07 21:09 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2013-11-07 21:09 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2013-11-07 21:09 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2013-11-07 21:09 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2013-11-07 21:09 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2013-11-07 21:09 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2013-11-07 21:09 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2013-11-07 21:09 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2013-11-07 21:09 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2013-11-07 20:51 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-11-07 20:51 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 20:51 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-11-07 20:37 . 2013-11-07 20:37 586240 ----a-w- c:\windows\system32\stobject.dll
2013-11-07 20:23 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-11-07 20:23 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-07 20:23 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-07 20:23 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-07 20:23 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-07 20:23 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-11-07 20:23 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-11-07 20:23 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-07 20:23 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-11-07 20:23 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-11-07 20:06 . 2013-08-29 07:36 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-11-07 20:06 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-11-07 20:06 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-07 20:06 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-11-07 20:06 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-11-07 20:06 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-07 20:05 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-11-07 20:05 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-11-07 20:05 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-11-07 20:05 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-07 20:05 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-11-07 20:05 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2013-11-07 20:05 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-11-07 20:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-07 20:05 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-11-07 20:03 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-11-07 20:02 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-07 19:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-11-07 19:33 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-11-07 19:33 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-11-07 19:33 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-07 19:33 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-11-07 19:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-11-07 19:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-11-07 19:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-11-07 19:33 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-11-07 19:33 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-11-06 23:24 . 2013-11-06 23:24 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-11-06 23:24 . 2013-11-06 23:24 -------- d-----w- c:\program files\AskPartnerNetwork
2013-11-06 23:22 . 2013-11-06 23:22 -------- d-----w- c:\programdata\APN
2013-11-06 22:13 . 2013-11-06 22:13 -------- d-----w- c:\programdata\ASUS
2013-11-06 21:54 . 2013-11-06 21:54 -------- d-----w- c:\users\Public\CyberLink
2013-11-06 21:54 . 2013-11-06 22:08 -------- d-----w- c:\programdata\LightScribe
2013-11-06 20:45 . 2013-11-06 20:45 -------- d-----w- c:\program files\CCleaner
2013-11-06 15:07 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-11-06 15:07 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-11-06 15:07 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-11-06 15:07 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-11-06 15:07 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\ca-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\eu-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\vi-VN
2013-11-06 13:59 . 2013-11-06 13:59 -------- d-----w- c:\windows\system32\EventProviders
2013-11-06 10:54 . 2013-11-06 10:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-11-06 09:52 . 2009-04-11 06:28 406528 ----a-w- c:\windows\system32\msvcp60.dll
2013-11-06 09:51 . 2009-04-11 06:28 444416 ----a-w- c:\windows\system32\dsound.dll
2013-11-06 09:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2013-11-06 09:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-11-06 09:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2013-11-06 09:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2013-11-06 09:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2013-11-06 09:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2013-11-06 09:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2013-11-06 09:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2013-11-06 09:49 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2013-11-06 09:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-11-06 09:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-11-06 09:42 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2013-11-06 09:42 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2013-11-06 09:42 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2013-11-06 09:42 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2013-11-06 09:42 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2013-11-06 09:42 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2013-11-06 09:42 . 2009-04-11 06:28 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2013-11-06 09:42 . 2009-04-11 06:28 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2013-11-06 09:42 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-06 09:42 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2013-11-06 09:42 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 20:38 . 2013-11-07 20:38 203776 ----a-w- c:\windows\system32\webcheck.dll
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\sk-SK\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\ro-RO\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2013-11-06 21:22 . 2009-07-27 15:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-24 03:07 . 2013-11-07 21:26 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 18:43 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-27 3054136]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-10-23 1673680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-06 22:51 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-06 22:50]
.
2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-06 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=c39a2a5de1cd4455a335afc44e093ed1&tu=10G9y00At2C01g0&sku=&tstsId=&ver=&
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\ydsgxzdp.default\
FF - ExtSQL: 2013-11-07 21:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-08 22:53
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-11-08 22:54:50
ComboFix-quarantined-files.txt 2013-11-08 21:54
.
Před spuštěním: Volných bajtů: 130 723 885 056
Po spuštění: Volných bajtů: 130 777 874 432
.
- - End Of File - - 87E488DBE6BB8F8464E4456325937E7A
64B1E91C5C6C2157642651010728F90F

Re: virus on the notebook

Posted: 08 Nov 2013 23:05
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\acovcnt.exe

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\AskPartnerNetwork

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"=-
[-HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: virus on the notebook

Posted: 08 Nov 2013 23:37
by David7
Sending the file to the website for malware verification did not succeed. I am to do it manually.


ComboFix 13-11-07.01 - Alenka 08.11.2013 23:15:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1321 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alenka\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\acovcnt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskPartnerNetwork
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1031.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1033.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1034.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1036.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1040.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1041.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1043.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1045.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1049.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\2070.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7\config.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\windows\system32\acovcnt.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_APNMCP
-------\Service_APNMCP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-08 do 2013-11-08 )))))))))))))))))))))))))))))))
.
.
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- c:\program files\trend micro
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- C:\rsit
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\program files\Common Files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----r- c:\program files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\programdata\Skype
2013-11-07 22:50 . 2013-11-07 22:50 -------- d-----w- c:\program files\PDF Architect
2013-11-07 22:49 . 2013-04-09 14:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2013-11-07 22:49 . 2013-01-09 14:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-11-07 22:49 . 2012-05-05 10:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-11-07 22:49 . 2012-05-05 10:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-11-07 22:49 . 2013-11-08 08:17 -------- d-----w- c:\program files\PDFCreator
2013-11-07 22:49 . 2012-05-05 10:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-11-07 22:41 . 2013-11-07 22:45 -------- d-----w- c:\program files\IrfanView
2013-11-07 22:36 . 2013-11-07 22:37 -------- d-----w- c:\program files\7-Zip
2013-11-07 22:30 . 2013-11-07 22:32 -------- d-----w- c:\program files\GIMP 2
2013-11-07 22:22 . 2013-11-07 22:27 -------- d-----w- c:\programdata\Ashampoo
2013-11-07 22:22 . 2013-11-07 22:22 -------- d-----w- c:\program files\Ashampoo
2013-11-07 22:21 . 2013-11-07 22:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-11-07 22:09 . 2013-11-07 22:09 -------- d-----w- c:\program files\VideoLAN
2013-11-07 21:57 . 2013-11-07 21:58 -------- d-----w- C:\totalcmd
2013-11-07 21:54 . 2013-11-07 21:54 -------- d-----w- c:\program files\LibreOffice 4
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\program files\Windows Portable Devices
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF\sk-SK
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF\ro-RO
2013-11-07 21:26 . 2013-09-23 20:01 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-11-07 21:13 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-11-07 21:13 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-11-07 21:13 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-11-07 21:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2013-11-07 21:09 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2013-11-07 21:09 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2013-11-07 21:09 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2013-11-07 21:09 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2013-11-07 21:09 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2013-11-07 21:09 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2013-11-07 21:09 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2013-11-07 21:09 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2013-11-07 21:09 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2013-11-07 20:51 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-11-07 20:51 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 20:51 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-11-07 20:37 . 2013-11-07 20:37 586240 ----a-w- c:\windows\system32\stobject.dll
2013-11-07 20:23 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-11-07 20:23 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-07 20:23 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-07 20:23 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-07 20:23 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-07 20:23 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-11-07 20:23 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-11-07 20:23 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-07 20:23 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-11-07 20:23 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-11-07 20:06 . 2013-08-29 07:36 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-11-07 20:06 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-11-07 20:06 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-07 20:06 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-11-07 20:06 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-11-07 20:06 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-07 20:05 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-11-07 20:05 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-11-07 20:05 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-11-07 20:05 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-07 20:05 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-11-07 20:05 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2013-11-07 20:05 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-11-07 20:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-07 20:05 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-11-07 20:03 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-11-07 20:02 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-07 19:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-11-07 19:33 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-11-07 19:33 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-11-07 19:33 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-07 19:33 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-11-07 19:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-11-07 19:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-11-07 19:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-11-07 19:33 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-11-07 19:33 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-11-06 23:24 . 2013-11-06 23:24 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-11-06 23:22 . 2013-11-06 23:22 -------- d-----w- c:\programdata\APN
2013-11-06 22:13 . 2013-11-06 22:13 -------- d-----w- c:\programdata\ASUS
2013-11-06 21:54 . 2013-11-06 21:54 -------- d-----w- c:\users\Public\CyberLink
2013-11-06 21:54 . 2013-11-06 22:08 -------- d-----w- c:\programdata\LightScribe
2013-11-06 20:45 . 2013-11-06 20:45 -------- d-----w- c:\program files\CCleaner
2013-11-06 15:07 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-11-06 15:07 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-11-06 15:07 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-11-06 15:07 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-11-06 15:07 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\ca-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\eu-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\vi-VN
2013-11-06 13:59 . 2013-11-06 13:59 -------- d-----w- c:\windows\system32\EventProviders
2013-11-06 10:54 . 2013-11-06 10:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-11-06 09:52 . 2009-04-11 06:28 406528 ----a-w- c:\windows\system32\msvcp60.dll
2013-11-06 09:51 . 2009-04-11 06:28 444416 ----a-w- c:\windows\system32\dsound.dll
2013-11-06 09:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2013-11-06 09:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-11-06 09:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2013-11-06 09:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2013-11-06 09:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2013-11-06 09:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2013-11-06 09:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2013-11-06 09:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2013-11-06 09:49 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2013-11-06 09:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-11-06 09:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-11-06 09:42 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2013-11-06 09:42 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2013-11-06 09:42 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2013-11-06 09:42 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2013-11-06 09:42 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2013-11-06 09:42 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2013-11-06 09:42 . 2009-04-11 06:28 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2013-11-06 09:42 . 2009-04-11 06:28 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2013-11-06 09:42 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-06 09:42 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2013-11-06 09:42 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2013-11-06 09:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2013-11-06 09:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 20:38 . 2013-11-07 20:38 203776 ----a-w- c:\windows\system32\webcheck.dll
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\sk-SK\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\ro-RO\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2013-09-24 03:07 . 2013-11-07 21:26 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-27 3054136]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-06 22:51 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=c39a2a5de1cd4455a335afc44e093ed1&tu=10G9y00At2C01g0&sku=&tstsId=&ver=&
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\ydsgxzdp.default\
FF - ExtSQL: 2013-11-07 21:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-08 23:25
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\PDF Architect\HelperService.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\mcbuilder.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-11-08 23:29:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-08 22:29
ComboFix2.txt 2013-11-08 21:54
.
Před spuštěním: Volných bajtů: 130 789 466 112
Po spuštění: Volných bajtů: 130 555 121 664
.
- - End Of File - - 0D78C41FDFDF8D2E1C4C2FE20C9A080E
64B1E91C5C6C2157642651010728F90F

Re: virus on the notebook

Posted: 08 Nov 2013 23:41
by David7
analysis from the web (Submit malware samples to Bleeping Computer for further analysis.)


Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

Re: virus on the notebook

Posted: 09 Nov 2013 11:16
by Rudy
You don't have to; they apparently have some problem on their server. Otherwise, everything has been deleted.

Re: virus on the notebook

Posted: 09 Nov 2013 18:57
by David7
Avira still keeps reporting a problem with the file autochk.exe

Should I ignore it and treat it as a false detection?

Re: virus on the notebook

Posted: 09 Nov 2013 19:24
by Rudy
Run CF again with this script:
KillAll::

Collect::
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: virus on the notebook

Posted: 09 Nov 2013 20:28
by David7
Once again, the automatic submission of malware samples to Bleeping Computer for further analysis failed.

I sent it manually, but I don't know how to retrieve the result. All I see is:
Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.


ComboFix 13-11-07.01 - Alenka 09.11.2013 20:07:47.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1674 [GMT 1:00]
Spuštěný z: c:\users\Alenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alenka\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
file zipped: c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-09 do 2013-11-09 )))))))))))))))))))))))))))))))
.
.
2013-11-09 19:13 . 2013-11-09 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-08 20:51 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-11-08 20:51 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-11-08 20:51 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-11-08 20:51 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-11-08 20:51 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-11-08 20:51 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-11-08 20:51 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-11-08 20:51 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-11-08 20:51 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-11-08 20:51 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- c:\program files\trend micro
2013-11-08 12:17 . 2013-11-08 12:17 -------- d-----w- C:\rsit
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\program files\Common Files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----r- c:\program files\Skype
2013-11-07 23:54 . 2013-11-07 23:54 -------- d-----w- c:\programdata\Skype
2013-11-07 22:50 . 2013-11-07 22:50 -------- d-----w- c:\program files\PDF Architect
2013-11-07 22:49 . 2013-04-09 14:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2013-11-07 22:49 . 2013-01-09 14:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-11-07 22:49 . 2012-05-05 10:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-11-07 22:49 . 2012-05-05 10:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-11-07 22:49 . 2013-11-08 08:17 -------- d-----w- c:\program files\PDFCreator
2013-11-07 22:49 . 2012-05-05 10:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-11-07 22:41 . 2013-11-07 22:45 -------- d-----w- c:\program files\IrfanView
2013-11-07 22:36 . 2013-11-07 22:37 -------- d-----w- c:\program files\7-Zip
2013-11-07 22:30 . 2013-11-07 22:32 -------- d-----w- c:\program files\GIMP 2
2013-11-07 22:22 . 2013-11-07 22:27 -------- d-----w- c:\programdata\Ashampoo
2013-11-07 22:22 . 2013-11-07 22:22 -------- d-----w- c:\program files\Ashampoo
2013-11-07 22:21 . 2013-11-07 22:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-11-07 22:09 . 2013-11-07 22:09 -------- d-----w- c:\program files\VideoLAN
2013-11-07 21:57 . 2013-11-07 21:58 -------- d-----w- C:\totalcmd
2013-11-07 21:54 . 2013-11-07 21:54 -------- d-----w- c:\program files\LibreOffice 4
2013-11-07 21:40 . 2013-11-07 21:40 -------- d-----w- c:\program files\Windows Portable Devices
2013-11-07 21:26 . 2013-09-23 20:01 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-11-07 21:13 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-11-07 21:13 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-11-07 21:13 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-11-07 21:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2013-11-07 21:09 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2013-11-07 21:09 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2013-11-07 21:09 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2013-11-07 21:09 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2013-11-07 21:09 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2013-11-07 21:09 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2013-11-07 21:09 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2013-11-07 21:09 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2013-11-07 21:09 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2013-11-07 21:09 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2013-11-07 20:51 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-11-07 20:51 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 20:51 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-11-07 20:37 . 2013-11-07 20:37 586240 ----a-w- c:\windows\system32\stobject.dll
2013-11-07 20:23 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-11-07 20:23 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-07 20:23 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-07 20:23 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-07 20:23 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-07 20:23 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-11-07 20:23 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-11-07 20:23 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-07 20:23 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-11-07 20:23 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-11-07 20:06 . 2013-08-29 07:36 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-11-07 20:06 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-11-07 20:06 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-07 20:06 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-11-07 20:06 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-11-07 20:06 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-07 20:05 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-11-07 20:05 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-11-07 20:05 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-11-07 20:05 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-07 20:05 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-11-07 20:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-07 20:05 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-11-07 20:03 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-11-07 20:02 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-07 19:44 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-11-07 19:33 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-11-07 19:33 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-11-07 19:33 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-07 19:33 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-11-07 19:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-11-07 19:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-11-07 19:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-11-07 19:33 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-11-07 19:33 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-11-06 23:24 . 2013-11-06 23:24 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-11-06 23:22 . 2013-11-06 23:22 -------- d-----w- c:\programdata\APN
2013-11-06 22:13 . 2013-11-06 22:13 -------- d-----w- c:\programdata\ASUS
2013-11-06 21:54 . 2013-11-06 21:54 -------- d-----w- c:\users\Public\CyberLink
2013-11-06 21:54 . 2013-11-06 22:08 -------- d-----w- c:\programdata\LightScribe
2013-11-06 20:45 . 2013-11-06 20:45 -------- d-----w- c:\program files\CCleaner
2013-11-06 15:07 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-11-06 15:07 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-11-06 15:07 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-11-06 15:07 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-11-06 15:07 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\ca-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\eu-ES
2013-11-06 14:46 . 2013-11-06 14:47 -------- d-----w- c:\windows\system32\vi-VN
2013-11-06 13:59 . 2013-11-06 13:59 -------- d-----w- c:\windows\system32\EventProviders
2013-11-06 10:54 . 2013-11-06 10:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-11-06 09:52 . 2009-04-11 06:28 406528 ----a-w- c:\windows\system32\msvcp60.dll
2013-11-06 09:51 . 2009-04-11 06:28 444416 ----a-w- c:\windows\system32\dsound.dll
2013-11-06 09:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2013-11-06 09:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-11-06 09:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2013-11-06 09:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2013-11-06 09:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-11-06 09:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2013-11-06 09:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2013-11-06 09:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2013-11-06 09:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2013-11-06 09:49 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2013-11-06 09:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-11-06 09:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-11-06 09:42 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2013-11-06 09:42 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2013-11-06 09:42 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2013-11-06 09:42 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2013-11-06 09:42 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2013-11-06 09:42 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 20:38 . 2013-11-07 20:38 203776 ----a-w- c:\windows\system32\webcheck.dll
2013-11-07 20:37 . 2013-11-07 20:37 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2013-09-24 03:07 . 2013-11-07 21:26 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-27 3054136]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-06 22:51 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=c39a2a5de1cd4455a335afc44e093ed1&tu=10G9y00At2C01g0&sku=&tstsId=&ver=&
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alenka\AppData\Roaming\Mozilla\Firefox\Profiles\ydsgxzdp.default\
FF - ExtSQL: 2013-11-07 21:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-09 20:16
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(520)
c:\program files\Elantech\ETDApix.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\PDF Architect\HelperService.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-11-09 20:21:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-09 19:20
ComboFix2.txt 2013-11-08 22:29
ComboFix3.txt 2013-11-08 21:54
.
Před spuštěním: Volných bajtů: 131 144 310 784
Po spuštění: Volných bajtů: 131 156 615 168
.
- - End Of File - - 0EF4626A81FDAD39DF17F039877EF2D4
64B1E91C5C6C2157642651010728F90F

Re: virus on the notebook

Posted: 09 Nov 2013 20:46
by Rudy
What matters is whether the problem with the virus has gone away.

Re: virus on the notebook

Posted: 09 Nov 2013 21:54
by David7
I'm not really sure about that. Originally it did not show any symptoms, but I started dealing with it because of the virus detection.

Now the Windows security alert reports: "Malware protection, antivirus program: Avira Desktop reports that it is turned off."

But when I look at Avira's status, it appears to be working and active.

When I chose the "Turn on now" option for Avira in the Security Center, the system crashed. I started it up again in the usual way.
Even after this restart the discrepancy persists.

So I tried to start a system scan in Avira, and it does not start at all and scans nothing.

Re: virus on the notebook

Posted: 09 Nov 2013 22:27
by Rudy
Uninstall CF using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . All that remains now is a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Post the log afterwards.