Problem with Ransomware
Posted: 14 Mar 2014 11:40
I have the police virus and this guide did not work for me http://forum.viry.cz/viewtopic.php?f=29&t=132523. Thank you for your help.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Eva (administrator) on ENH on 31-10-2013 08:29:19
Running from E:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Safe Mode (minimal)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7700480 2006-10-22] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2006-10-22] (NVIDIA Corporation)
HKLM\...\Run: [avast!] - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-11-25] (ALWIL Software)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-842925246-764733703-1801674531-1003\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-842925246-764733703-1801674531-1003\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Picture Package Menu.lnk
ShortcutTarget: Picture Package Menu.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Picture Package VCD Maker.lnk
ShortcutTarget: Picture Package VCD Maker.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
Startup: C:\Documents and Settings\Eva\Nabídka Start\Programy\Po spuštění\Cyber-shot Viewer Media Check Tool.lnk
ShortcutTarget: Cyber-shot Viewer Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Documents and Settings\Eva\Nabídka Start\Programy\Po spuštění\lhfsdknjcyqyfivyjew.lnk
ShortcutTarget: lhfsdknjcyqyfivyjew.lnk -> C:\Documents and Settings\Eva\Local Settings\Temp\wejyvifyqycjnkdsfhl.bfg (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=101916
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 80ABD6E9EA
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 80ABD6E9EA
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\gpyp40vj.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\gpyp40vj.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\gpyp40vj.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Nero Toolbar - C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\gpyp40vj.default\Extensions\toolbar@ask.com [2012-08-13]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-11-25] (ALWIL Software)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-11-25] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-11-25] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-11-25] (ALWIL Software)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-27] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DATAAP~1\wejyvifyqycjnkdsfhl.bfg [X]
==================== Drivers (Whitelisted) ====================
S1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-11-25] (ALWIL Software)
S2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-11-25] (ALWIL Software)
S2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-11-25] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23120 2009-11-25] (ALWIL Software)
S1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-11-25] (ALWIL Software)
S1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [48560 2009-11-25] (ALWIL Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [417999 2002-09-30] (C-Media Inc)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sonypvs1; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-31 08:29 - 2013-10-31 08:29 - 00000000 ____D () C:\FRST
2013-10-31 08:20 - 2013-10-31 08:20 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2013-10-31 07:42 - 2013-10-31 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2013-10-31 03:03 - 2013-10-31 03:03 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\SUPERAntiSpyware.com
2013-10-31 03:02 - 2013-10-31 03:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2013-10-31 03:02 - 2013-10-31 03:02 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2013-10-31 03:02 - 2013-10-31 03:02 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2013-10-31 02:29 - 2013-10-31 08:20 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2013-10-31 02:29 - 2013-10-31 02:29 - 00000000 ____D () C:\Program Files\Enigma Software Group
2013-10-31 02:28 - 2013-10-31 02:28 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2013-10-31 00:48 - 2014-03-13 12:47 - 03062248 ____N (Symantec Corporation) C:\Documents and Settings\Eva\Plocha\NPE.exe
2013-10-31 00:48 - 2013-10-31 01:24 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\NPE
2013-10-31 00:48 - 2013-10-31 00:48 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2013-10-31 00:45 - 2013-10-31 08:10 - 00000000 __SHD () C:\WINDOWS\CSC
==================== One Month Modified Files and Folders =======
2014-03-13 12:47 - 2013-10-31 00:48 - 03062248 ____N (Symantec Corporation) C:\Documents and Settings\Eva\Plocha\NPE.exe
2013-10-31 08:29 - 2013-10-31 08:29 - 00000000 ____D () C:\FRST
2013-10-31 08:25 - 2012-08-22 13:29 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2013-10-31 08:25 - 2012-08-13 19:24 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\AskToolbar
2013-10-31 08:25 - 2009-08-10 07:44 - 00065578 _____ () C:\WINDOWS\system32\nvapps.xml
2013-10-31 08:21 - 2009-08-10 07:37 - 00000272 ___SH () C:\Documents and Settings\Eva\ntuser.ini
2013-10-31 08:21 - 2009-08-10 07:28 - 00086544 _____ () C:\WINDOWS\WindowsUpdate.log
2013-10-31 08:20 - 2013-10-31 08:20 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2013-10-31 08:20 - 2013-10-31 07:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2013-10-31 08:20 - 2013-10-31 02:29 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2013-10-31 08:10 - 2013-10-31 00:45 - 00000000 __SHD () C:\WINDOWS\CSC
2013-10-31 08:09 - 2009-08-10 09:05 - 01114112 _____ () C:\WINDOWS\system32\config\Antivirus.Evt
2013-10-31 07:42 - 2009-08-10 09:17 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2013-10-31 07:39 - 2009-08-10 09:17 - 00728594 _____ () C:\WINDOWS\setupapi.log
2013-10-31 07:29 - 2012-08-13 19:24 - 00000230 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2013-10-31 06:59 - 2009-08-10 07:34 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2013-10-31 06:55 - 2009-08-10 07:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2013-10-31 03:03 - 2013-10-31 03:03 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\SUPERAntiSpyware.com
2013-10-31 03:03 - 2013-10-31 03:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2013-10-31 03:02 - 2013-10-31 03:02 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2013-10-31 03:02 - 2013-10-31 03:02 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2013-10-31 03:02 - 2009-08-10 09:18 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2013-10-31 03:02 - 2009-08-10 09:18 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2013-10-31 03:02 - 2009-08-10 08:35 - 00000000 ____D () C:\Documents and Settings\Eva\Dokumenty\Stažené soubory
2013-10-31 03:00 - 2009-08-10 07:37 - 00000000 ___RD () C:\Documents and Settings\Eva\Nabídka Start\Programy
2013-10-31 03:00 - 2009-08-10 07:37 - 00000000 ____D () C:\Documents and Settings\Eva\Plocha
2013-10-31 02:58 - 2009-08-10 08:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2013-10-31 02:45 - 2009-08-10 07:37 - 00001599 _____ () C:\Documents and Settings\Eva\Nabídka Start\Programy\Vzdálená pomoc.lnk
2013-10-31 02:42 - 2009-08-10 07:30 - 00001599 _____ () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2013-10-31 02:42 - 2009-08-10 07:30 - 00001507 _____ () C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2013-10-31 02:29 - 2013-10-31 02:29 - 00000000 ____D () C:\Program Files\Enigma Software Group
2013-10-31 02:28 - 2013-10-31 02:28 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2013-10-31 02:20 - 2009-08-11 11:21 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\Skype
2013-10-31 01:32 - 2009-08-10 09:18 - 00945884 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-31 01:26 - 2009-08-10 07:25 - 00004633 _____ () C:\WINDOWS\wmsetup.log
2013-10-31 01:25 - 2009-08-10 09:16 - 00000211 _____ () C:\boot.ini
2013-10-31 01:24 - 2013-10-31 00:48 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\NPE
2013-10-31 01:00 - 2004-08-17 15:49 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-10-31 00:48 - 2013-10-31 00:48 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2013-10-31 00:48 - 2009-08-10 07:37 - 00000000 ___HD () C:\Documents and Settings\Eva\Local Settings\Data aplikací
2013-10-31 00:45 - 2009-08-10 09:17 - 00194948 _____ () C:\WINDOWS\setupact.log
2013-10-31 00:45 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
Files to move or delete:
====================
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Some content of TEMP:
====================
C:\Documents and Settings\Eva\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Eva\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Eva\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Eva\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Eva\Local Settings\Temp\setup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Eva\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\wejyvifyqycjnkdsfhl.bfg
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2
C:\WINDOWS\system32\User32.dll
[2004-08-17 15:49] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll
[2004-08-17 15:49] - [2008-04-14 07:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 15:44] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
2013-10-31 01:25 - 2009-08-10 09:16 - 00000211 _____ () C:\boot.ini
2013-10-31 01:24 - 2013-10-31 00:48 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\NPE
2013-10-31 01:00 - 2004-08-17 15:49 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-10-31 00:48 - 2013-10-31 00:48 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2013-10-31 00:48 - 2009-08-10 07:37 - 00000000 ___HD () C:\Documents and Settings\Eva\Local Settings\Data aplikací
2013-10-31 00:45 - 2009-08-10 09:17 - 00194948 _____ () C:\WINDOWS\setupact.log
2013-10-31 00:45 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
Files to move or delete:
====================
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Some content of TEMP:
====================
C:\Documents and Settings\Eva\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Eva\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Eva\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Eva\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Eva\Local Settings\Temp\setup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Eva\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Eva\Local Settings\Temp\wejyvifyqycjnkdsfhl.bfg
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2
C:\WINDOWS\system32\User32.dll
[2004-08-17 15:49] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll
[2004-08-17 15:49] - [2008-04-14 07:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839
ATTENTION ======> If the system has audio adware, rpcss.dll is patched. Google the MD5; if the MD5 is unique, the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 15:44] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
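The check block at the end of the log verifies a handful of critical system binaries by size and MD5, and FRST's note on rpcss.dll spells out the reasoning: a hash that no clean install has ever produced means a patched file. The following is an added example, not part of the post and not FRST's own code: a small Python parser for that block that compares each entry's size and MD5 against an analyst-supplied baseline. The sample block is copied from the log above; the BASELINE table is an assumption constructed for the demo (explorer.exe and volsnap.sys reuse the posted values, rpcss.dll is given an obvious placeholder hash so the mismatch path runs, winlogon.exe is left out so the no-baseline path runs), so its verdicts describe the demo, not the poster's machine.

```python
"""
Parse the 'Bamital & volsnap Check' block of an FRST log and compare each
listed system file against a baseline of known-good (size, MD5) pairs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: four entries copied from the posted FRST log,
# with the tool's ATTENTION note left in so the parser must skip non-record lines.
SAMPLE_BLOCK = r"""
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2004-08-17 15:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\rpcss.dll
[2004-08-17 15:49] - [2008-04-14 07:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839
ATTENTION ======> If the system has audio adware, rpcss.dll is patched. Google the MD5; if the MD5 is unique, the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 15:44] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
"""

# ASSUMED baseline, constructed for this example only. A real baseline comes
# from a clean reference install at the same Windows / service-pack level.
# explorer.exe and volsnap.sys reuse the posted values; rpcss.dll gets a
# placeholder so the MISMATCH path is exercised (this says nothing about the
# poster's file); winlogon.exe is omitted to exercise the NO BASELINE path.
BASELINE: Dict[str, Tuple[int, str]] = {
    r"c:\windows\explorer.exe": (1034240, "27afd587c462e280ee046b8cca3c2cd1"),
    r"c:\windows\system32\rpcss.dll": (399360, "0" * 32),
    r"c:\windows\system32\drivers\volsnap.sys": (52480, "28a4b296b47782173c346e376cb374d1"),
}


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


# FRST detail line: "[created] - [modified] - size attrs (company) md5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)
# A path line starts with a drive letter, colon and backslash.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")


def parse_check_block(text: str) -> List[FileRecord]:
    """Pair each path line with the detail line that follows it; skip everything else."""
    records: List[FileRecord] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(
                path=pending_path, created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].lower(),
            ))
        # Headers, the ATTENTION note and blank lines are not records; a path
        # not followed by a detail line is dropped rather than mis-paired.
        pending_path = None
    return records


def check_against_baseline(records: List[FileRecord],
                           baseline: Dict[str, Tuple[int, str]]) -> Dict[str, str]:
    """Return a verdict per path: OK, MISMATCH (size or MD5 differs) or NO BASELINE."""
    verdicts: Dict[str, str] = {}
    for rec in records:
        expected = baseline.get(rec.path.lower())  # NTFS paths are case-insensitive
        if expected is None:
            verdicts[rec.path] = "NO BASELINE"
        elif expected == (rec.size, rec.md5):
            verdicts[rec.path] = "OK"
        else:
            verdicts[rec.path] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for path, verdict in check_against_baseline(parse_check_block(SAMPLE_BLOCK), BASELINE).items():
        print(f"{verdict:12} {path}")
```

Size and MD5 are compared together because a patched file that keeps its original length (the common case for an in-place binary patch) is only caught by the hash, while a hash-only check would miss a record whose size field was mangled when the log was pasted. Anything reported as NO BASELINE still needs the manual step FRST suggests: look the hash up against a trusted source before deciding.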