ESET hlási viry a není platna aplikace typu win32

Zpráva

bellian · #1 Příspěvek od **bellian** » 20 úno 2012 18:23

Zdravím vás,

po stáhnutí češtiny do Hry Neverwinter Nights mi behem 2 minut nahlasil ESET smart security 5 (originální) 270 souborů uloženo do karantény. Nyni když chci spustit nějaky exe soubor, tak mi napíše "není platna aplikace typu win32".

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarek at 2012-02-20 18:16:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (15%) free of 76 GB
Total RAM: 8175 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:41, on 12.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
D:\FirefoxPortable\FirefoxPortable.exe
D:\FirefoxPortable\App\firefox\firefox.exe
D:\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\trend micro\Jarek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1183887383-364438216-238060764-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1183887383-364438216-238060764-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9849 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {6ABA7245-BE9D-4786-9EC5-745A00794D39}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /s
"C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe"
"C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1808
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Users\Jarek\Desktop\CoreTemp32\Core Temp.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\Winamp\winampa.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3972.eefcc60.900633473 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3972 "\\.\pipe\gecko-crash-server-pipe.3972" plugin
"C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Jarek\Desktop\SALAMAND.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 3B73B326-C1DA-0DEC-0631-76C2DC9AAFE3 -Reinvoke
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Jarek\Downloads\111.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\s48togoj.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\s48togoj.default\extensions\
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
GBHO.BHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-09 79240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1d09c093-f71e-43c3-b948-19316cbd695e} - Smart Recovery 2 - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-04 11772520]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"=C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [2010-11-15 841544]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-10-09 283160]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-10-10 113288]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2011-10-10 81920]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-02-20 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"STCAgent"=C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe []

C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Core Temp – zástupce.lnk - C:\Users\Jarek\Desktop\CoreTemp32\Core Temp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.exe - open - C:\Windows\svchost.com "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-20 18:16:22 ----D---- C:\rsit
2012-02-20 18:05:11 ----A---- C:\Windows\svchost.com
2012-02-18 21:02:19 ----D---- C:\Program Files (x86)\1C Company
2012-02-15 18:54:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-15 18:54:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-15 18:54:56 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 18:54:56 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 18:54:56 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 18:54:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-15 18:54:55 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-15 18:54:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-02-15 18:54:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-02-15 18:54:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-15 18:54:55 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 18:54:55 ----A---- C:\Windows\system32\url.dll
2012-02-15 18:54:55 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 18:54:55 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 18:54:54 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-15 18:54:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-15 18:54:54 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-15 18:54:54 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 18:54:54 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 18:54:53 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 18:54:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-15 18:54:52 ----A---- C:\Windows\system32\ieframe.dll
2012-02-15 18:16:19 ----A---- C:\Windows\system32\shell32.dll
2012-02-15 18:16:18 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-15 18:16:17 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-15 18:16:17 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-15 18:16:13 ----A---- C:\Windows\system32\win32k.sys
2012-02-15 18:16:12 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-15 18:16:06 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-15 18:16:06 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-12 15:10:01 ----D---- C:\Program Files (x86)\Atari
2012-02-12 15:04:17 ----A---- C:\Windows\SYSWOW64\CmdLineExt.dll
2012-02-10 17:53:15 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-02-09 21:19:49 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-02-09 21:19:49 ----A---- C:\Windows\system32\javaws.exe
2012-02-09 21:19:49 ----A---- C:\Windows\system32\javaw.exe
2012-02-09 21:19:49 ----A---- C:\Windows\system32\java.exe
2012-02-09 21:19:49 ----A---- C:\Windows\system32\deployJava1.dll
2012-02-09 21:19:47 ----D---- C:\Program Files\Java
2012-02-09 21:16:50 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-02-09 16:44:34 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-02-09 16:44:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-02-09 16:44:34 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-02-09 16:44:34 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-02-09 16:44:34 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-02-09 16:44:34 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-02-09 16:44:34 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-02-09 16:44:34 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-02-09 16:44:33 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-02-08 20:24:40 ----D---- C:\Windows\Sun
2012-02-08 20:24:24 ----D---- C:\ProgramData\Sun
2012-02-08 20:24:21 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-02-08 20:24:21 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-02-08 20:24:21 ----A---- C:\Windows\SYSWOW64\java.exe
2012-02-08 20:24:21 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-02-08 20:24:18 ----D---- C:\Program Files (x86)\Java
2012-02-02 19:11:47 ----A---- C:\Windows\system32\rtvcvfw32.dll
2012-02-02 19:11:43 ----D---- C:\Program Files (x86)\MSI Afterburner
2012-02-01 21:55:16 ----D---- C:\ProgramData\ESET
2012-02-01 21:55:16 ----D---- C:\Program Files\ESET
2012-01-22 19:48:46 ----D---- C:\Program Files (x86)\X-Com

======List of files/folders modified in the last 1 month======

2012-02-20 18:16:26 ----D---- C:\Program Files\trend micro
2012-02-20 18:16:23 ----D---- C:\Windows\Temp
2012-02-20 18:12:13 ----D---- C:\Windows
2012-02-20 18:06:00 ----D---- C:\ProgramData\Comodo Downloader
2012-02-20 18:05:52 ----D---- C:\Program Files (x86)\Winamp Detect
2012-02-20 18:05:52 ----D---- C:\Program Files (x86)\Winamp
2012-02-20 18:05:51 ----D---- C:\Program Files (x86)\Ufo
2012-02-20 18:05:45 ----D---- C:\Program Files (x86)\The KMPlayer
2012-02-20 18:05:44 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-02-20 18:05:43 ----D---- C:\Program Files (x86)\OpenAL
2012-02-20 18:05:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-20 18:05:40 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-20 18:05:38 ----D---- C:\Program Files (x86)\GameSpy Arcade
2012-02-20 18:05:36 ----D---- C:\Program Files (x86)\FileHippo.com
2012-02-20 18:05:25 ----D---- C:\Fraps
2012-02-20 17:41:01 ----D---- C:\Windows\System32
2012-02-20 17:41:01 ----D---- C:\Windows\inf
2012-02-20 17:41:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-20 17:22:40 ----D---- C:\Windows\system32\config
2012-02-20 17:22:14 ----D---- C:\ProgramData\NVIDIA
2012-02-18 21:04:48 ----RD---- C:\Program Files (x86)
2012-02-18 21:04:04 ----SHD---- C:\Windows\Installer
2012-02-18 21:04:03 ----D---- C:\Windows\winsxs
2012-02-18 21:03:53 ----SHD---- C:\System Volume Information
2012-02-18 21:02:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-16 07:02:05 ----D---- C:\Windows\Microsoft.NET
2012-02-16 07:02:04 ----RSD---- C:\Windows\assembly
2012-02-15 19:16:02 ----D---- C:\Windows\SYSWOW64\migration
2012-02-15 19:16:02 ----D---- C:\Windows\SysWOW64
2012-02-15 19:16:02 ----D---- C:\Windows\system32\migration
2012-02-15 19:16:02 ----D---- C:\Windows\system32\drivers
2012-02-15 19:16:02 ----D---- C:\Program Files\Internet Explorer
2012-02-15 19:16:02 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-15 18:56:38 ----D---- C:\ProgramData\Microsoft Help
2012-02-15 18:55:17 ----D---- C:\Windows\debug
2012-02-15 18:55:16 ----A---- C:\Windows\system32\MRT.exe
2012-02-15 18:55:00 ----D---- C:\Windows\system32\catroot2
2012-02-15 18:55:00 ----D---- C:\Windows\system32\catroot
2012-02-12 14:59:54 ----D---- C:\Windows\system32\Tasks
2012-02-12 09:18:05 ----D---- C:\Users\Jarek\AppData\Roaming\DAEMON Tools Lite
2012-02-11 15:30:13 ----D---- C:\Users\Jarek\AppData\Roaming\Winamp
2012-02-11 10:12:55 ----SD---- C:\ProgramData\Microsoft
2012-02-11 10:12:55 ----D---- C:\Program Files (x86)\Microsoft
2012-02-11 10:10:30 ----RD---- C:\Program Files
2012-02-10 17:53:22 ----D---- C:\Windows\system32\DriverStore
2012-02-09 21:19:24 ----D---- C:\Program Files\WinRAR
2012-02-09 21:14:07 ----D---- C:\Windows\Logs
2012-02-09 16:44:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-02-08 20:24:24 ----HD---- C:\ProgramData
2012-02-08 20:24:24 ----D---- C:\Program Files (x86)\Common Files
2012-02-06 19:10:26 ----SD---- C:\Users\Jarek\AppData\Roaming\Microsoft
2012-02-01 21:00:31 ----D---- C:\ProgramData\AVAST Software
2012-01-29 19:02:21 ----D---- C:\Program Files\CCleaner
2012-01-27 00:52:58 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-10 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-10-24 314016]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-10-24 43680]
R3 ALSysIO;ALSysIO; \??\C:\Users\Jarek\AppData\Local\Temp\ALSysIO64.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-02-20 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-04 2697448]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
S3 cpuz130;cpuz130; \??\C:\Users\Jarek\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 GPU-Z;GPU-Z; \??\C:\Users\Jarek\AppData\Local\Temp\GPU-Z.sys []
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2011-10-07 30528]
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 DES2 Service;DES2 Service for Energy Saving.; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 SCBackService;Splashtop Connect Service; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Smart TimeLock;Smart TimeLock Service; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-02-20 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-02-20 128928]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2012-02-20 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-09 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 20 úno 2012 19:21

Zdravim a pekny den preji

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

bellian · #3 Příspěvek od **bellian** » 20 úno 2012 19:33

ComboFix 12-02-19.02 - Jarek 20.02.2012 19:29:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6627 [GMT 1:00]
Spuštěný z: c:\users\Jarek\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\directx.sys
c:\windows\svchost.com
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 17:34 . 2012-02-20 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 17:16 . 2012-02-20 17:16 -------- d-----w- C:\rsit
2012-02-18 20:02 . 2012-02-18 20:02 -------- d-----w- c:\program files (x86)\1C Company
2012-02-17 16:35 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6434799-622E-4B7C-94FA-935293162316}\mpengine.dll
2012-02-15 17:16 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:16 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:16 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:16 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:16 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:16 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:16 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:16 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 14:10 . 2012-02-12 14:10 -------- d-----w- c:\program files (x86)\Atari
2012-02-12 14:04 . 2012-02-12 14:04 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-02-12 13:55 . 2004-07-15 23:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-02-12 13:55 . 2004-07-15 23:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-02-12 13:55 . 2004-07-15 23:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-02-12 13:55 . 2004-07-15 23:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-02-12 13:55 . 2004-07-15 23:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-02-12 13:38 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-02-12 13:38 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-02-12 13:38 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-02-12 13:38 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-02-12 13:38 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-02-12 13:38 . 2012-02-12 13:38 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-12 13:38 . 2012-02-12 13:38 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-02-11 08:54 . 2012-02-11 08:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-02-11 08:54 . 2012-02-11 08:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-10 16:53 . 2012-02-10 16:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 20:19 . 2012-02-09 20:19 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-09 20:19 . 2012-02-09 20:19 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-09 20:19 . 2012-02-09 20:19 -------- d-----w- c:\program files\Java
2012-02-09 20:16 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-09 15:51 . 2012-02-09 15:51 -------- d-----w- c:\users\Jarek\AppData\Local\IsolatedStorage
2012-02-09 15:51 . 2012-02-09 15:51 -------- d-----w- c:\users\Jarek\AppData\Local\Futuremark_Corporation
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\users\Jarek\SystemRequirementsLab
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\windows\Sun
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-08 19:24 . 2012-02-08 19:24 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-08 19:24 . 2012-02-08 19:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\program files (x86)\Java
2012-02-08 19:10 . 2012-02-08 19:10 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-02-02 18:11 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-02-02 18:11 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-02-01 20:55 . 2012-02-01 20:55 -------- d-----w- c:\program files\ESET
2012-02-01 16:06 . 2012-02-18 19:58 -------- d-----w- c:\users\Jarek\AppData\Local\dxhr
2012-02-01 16:03 . 2012-02-01 16:03 -------- d-----w- c:\users\Jarek\AppData\Local\28050
2012-01-22 18:48 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\X-Com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 18:31 . 2011-10-12 14:43 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 23:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-20 15:52 . 2012-01-20 15:52 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-20 15:52 . 2011-11-04 16:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-20 15:52 . 2011-11-04 16:16 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-20 15:52 . 2011-11-04 16:16 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-10 14:24 . 2011-10-11 16:34 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-10-10 16:49 256960 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-09 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-10-10 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2011-10-10 81920]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-02-20 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp – zástupce.lnk - c:\users\Jarek\Desktop\CoreTemp32\Core Temp.exe [2010-8-29 439824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cpuz130;cpuz130;c:\users\Jarek\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-02-20 128928]
R3 GPU-Z;GPU-Z;c:\users\Jarek\AppData\Local\Temp\GPU-Z.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-07 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 ALSysIO;ALSysIO;c:\users\Jarek\AppData\Local\Temp\ALSysIO64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.254
TCP: Interfaces\{E3AA77E2-E401-4545-8F9F-789DFB68DB47}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\s48togoj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-STCAgent - c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe
AddRemove-InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} - c:\program files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\SETUP.EXE
AddRemove-{675F86A8-E093-4002-87D5-915CC2C45571} - c:\program files (x86)\InstallShield Installation Information\{675F86A8-E093-4002-87D5-915CC2C45571}\Setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:88,50,c4,76,05,4e,01,88,92,74,66,85,fc,38,04,2a,d1,91,89,84,f1,52,58,
f1,a6,2d,3f,cc,74,89,34,69,c7,88,34,d5,b0,0c,56,06,1d,7c,22,8c,f9,87,66,53,\
"??"=hex:4e,8c,2e,a6,d5,70,5a,d7,60,b7,0d,6e,cd,19,27,98
.
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\SecuROM\License information*]
"datasecu"=hex:d2,91,a5,a3,c1,26,81,5e,9a,20,5c,08,68,05,5c,f1,a9,17,26,21,40,
22,87,6a,a9,e4,8a,61,61,0e,f0,4a,77,de,b3,bb,d6,61,9d,18,ff,3f,8e,d0,ca,8f,\
"rkeysecu"=hex:ba,2a,60,dd,f3,3e,2b,a8,56,0e,0a,5a,92,a3,b7,58
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2012-02-20 19:32:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-20 18:32
.
Před spuštěním: Volných bajtů: 12 145 070 080
Po spuštění: Volných bajtů: 11 891 240 960
.
- - End Of File - - 4683D1C114B8213F3A88B8194640B648

#4 Příspěvek od **vyosek** » 20 úno 2012 19:54

Poprosim o log z DDS

Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/dds.com a ulozte na plochu
Spustte a kliknete na Start
Po chvili vyskoci log, ten rad uvidim

bellian · #5 Příspěvek od **bellian** » 20 úno 2012 19:55

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Jarek at 19:55:06 on 2012-02-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6489 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jarek\Desktop\CoreTemp32\Core Temp.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Jarek\Desktop\SALAMAND.EXE
C:\PROGRA~2\THEKMP~1\KMPlayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.cz/
uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Jarek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Users\Jarek\Desktop\CoreTemp32\Core Temp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.254
TCP: Interfaces\{E3AA77E2-E401-4545-8F9F-789DFB68DB47} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E3AA77E2-E401-4545-8F9F-789DFB68DB47} : DhcpNameServer = 192.168.100.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\s48togoj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-10-7 68136]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-10 2253120]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-10-7 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-2-9 128928]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-7 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-20 18:31:39 -------- d-----w- C:\$RECYCLE.BIN
2012-02-20 18:28:45 98816 ----a-w- C:\Windows\sed.exe
2012-02-20 18:28:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-20 18:28:45 256000 ----a-w- C:\Windows\PEV.exe
2012-02-20 18:28:45 208896 ----a-w- C:\Windows\MBR.exe
2012-02-20 17:34:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-18 20:02:19 -------- d-----w- C:\Program Files (x86)\1C Company
2012-02-17 16:35:17 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6434799-622E-4B7C-94FA-935293162316}\mpengine.dll
2012-02-15 17:16:17 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 17:16:17 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:16:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 17:16:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:16:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 17:16:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 17:16:06 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 17:16:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-12 14:10:01 -------- d-----w- C:\Program Files (x86)\Atari
2012-02-12 14:04:17 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-02-12 13:55:08 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-02-12 13:55:08 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-02-12 13:55:08 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-02-12 13:55:08 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-02-12 13:55:08 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-02-12 13:38:51 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-02-12 13:38:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-02-12 13:38:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-02-12 13:38:51 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-02-12 13:38:51 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-02-12 13:38:48 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-12 13:38:48 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-02-11 08:54:22 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-02-11 08:54:22 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-10 16:53:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-02-09 20:19:49 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-02-09 20:19:49 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-09 20:16:50 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-02-09 15:51:43 -------- d-----w- C:\Users\Jarek\AppData\Local\IsolatedStorage
2012-02-09 15:51:43 -------- d-----w- C:\Users\Jarek\AppData\Local\Futuremark_Corporation
2012-02-08 19:24:46 -------- d-----w- C:\Users\Jarek\SystemRequirementsLab
2012-02-08 19:24:21 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-08 19:24:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-08 19:10:23 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2012-02-02 18:11:47 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2012-02-02 18:11:43 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2012-02-01 20:55:16 -------- d-----w- C:\Program Files\ESET
2012-02-01 16:06:27 -------- d-----w- C:\Users\Jarek\AppData\Local\dxhr
2012-02-01 16:03:12 -------- d-----w- C:\Users\Jarek\AppData\Local\28050
2012-01-22 18:48:46 -------- d-----w- C:\Program Files (x86)\X-Com
.
==================== Find3M ====================
.
2012-02-20 18:31:37 25640 ----a-w- C:\Windows\gdrv.sys
2012-01-26 23:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-20 15:52:21 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-20 15:52:21 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-20 15:52:21 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-20 15:52:21 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 14:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:55:15,80 ===============

#6 Příspěvek od **vyosek** » 20 úno 2012 20:24

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

DDS::
mRun: [ZyngaGamesAgent]
mRun: [WinampAgent]
mRun: [Adobe ARM]
mRun: [SunJavaUpdateSched]
mRun: [Malwarebytes' Anti-Malware]
mRun-x64: [ZyngaGamesAgent]
mRun-x64: [ISUSScheduler]
mRun-x64: [WinampAgent]
mRun-x64: [Adobe ARM]
mRun-x64: [SunJavaUpdateSched]
mRun-x64: [Malwarebytes' Anti-Malware]

Driver::
ALSysIO
GPU-Z
MSICDSetup

File::
c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

Registry::
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"=-
[-HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[-HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[-HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-

RegNull::
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-1183887383-364438216-238060764-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

bellian · #7 Příspěvek od **bellian** » 20 úno 2012 20:31

ComboFix 12-02-19.02 - Jarek 20.02.2012 20:27:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8175.6770 [GMT 1:00]
Spuštěný z: c:\users\Jarek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarek\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_GPU-Z
-------\Legacy_MSICDSETUP
-------\Service_ALSysIO
-------\Service_GPU-Z
-------\Service_MSICDSetup
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 19:29 . 2012-02-20 19:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-20 17:34 . 2012-02-20 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 17:16 . 2012-02-20 17:16 -------- d-----w- C:\rsit
2012-02-18 20:02 . 2012-02-18 20:02 -------- d-----w- c:\program files (x86)\1C Company
2012-02-17 16:35 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6434799-622E-4B7C-94FA-935293162316}\mpengine.dll
2012-02-15 17:16 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:16 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:16 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:16 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:16 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:16 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:16 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:16 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 14:10 . 2012-02-20 19:04 -------- d-----w- c:\program files (x86)\Atari
2012-02-12 14:04 . 2012-02-12 14:04 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-02-12 13:55 . 2004-07-15 23:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-02-12 13:55 . 2004-07-15 23:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-02-12 13:55 . 2004-07-15 23:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-02-12 13:55 . 2004-07-15 23:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-02-12 13:55 . 2004-07-15 23:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-02-12 13:38 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-02-12 13:38 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-02-12 13:38 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-02-12 13:38 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-02-12 13:38 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-02-12 13:38 . 2012-02-12 13:38 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-12 13:38 . 2012-02-12 13:38 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-02-11 08:54 . 2012-02-11 08:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-02-11 08:54 . 2012-02-11 08:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-10 16:53 . 2012-02-10 16:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 20:19 . 2012-02-09 20:19 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-09 20:19 . 2012-02-09 20:19 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-09 20:19 . 2012-02-09 20:19 -------- d-----w- c:\program files\Java
2012-02-09 20:16 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-09 15:51 . 2012-02-09 15:51 -------- d-----w- c:\users\Jarek\AppData\Local\IsolatedStorage
2012-02-09 15:51 . 2012-02-09 15:51 -------- d-----w- c:\users\Jarek\AppData\Local\Futuremark_Corporation
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\users\Jarek\SystemRequirementsLab
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\windows\Sun
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-08 19:24 . 2012-02-08 19:24 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-08 19:24 . 2012-02-08 19:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\program files (x86)\Java
2012-02-08 19:10 . 2012-02-08 19:10 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-02-02 18:11 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-02-02 18:11 . 2012-02-20 19:01 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-02-01 20:55 . 2012-02-01 20:55 -------- d-----w- c:\program files\ESET
2012-02-01 16:06 . 2012-02-18 19:58 -------- d-----w- c:\users\Jarek\AppData\Local\dxhr
2012-02-01 16:03 . 2012-02-01 16:03 -------- d-----w- c:\users\Jarek\AppData\Local\28050
2012-01-22 18:48 . 2012-02-20 17:05 -------- d-----w- c:\program files (x86)\X-Com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 19:30 . 2011-10-12 14:43 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 23:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-20 15:52 . 2012-01-20 15:52 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-20 15:52 . 2011-11-04 16:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-20 15:52 . 2011-11-04 16:16 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-20 15:52 . 2011-11-04 16:16 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-10 14:24 . 2011-10-11 16:34 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-10-10 16:49 256960 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_18.31.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-02-20 18:33 43384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-20 19:27 33984 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-07 16:35 . 2012-02-20 19:27 7606 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1183887383-364438216-238060764-1000_UserData.bin
- 2012-02-20 18:31 . 2012-02-20 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-20 19:30 . 2012-02-20 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-02-20 18:37 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-20 18:28 615810 c:\windows\system32\perfh009.dat
+ 2011-04-12 08:34 . 2012-02-20 18:37 631054 c:\windows\system32\perfh005.dat
- 2011-04-12 08:34 . 2012-02-20 18:28 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-02-20 18:28 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-20 18:37 106190 c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-02-20 18:37 121708 c:\windows\system32\perfc005.dat
- 2011-04-12 08:34 . 2012-02-20 18:28 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-02-20 18:31 384276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-20 19:29 384276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-09 08:49 . 2012-02-20 19:29 18525404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1183887383-364438216-238060764-1000-12288.dat
- 2011-10-09 08:49 . 2012-02-20 18:31 18525404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1183887383-364438216-238060764-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-09 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-10-10 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2011-10-10 81920]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [BU]
.
c:\users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp – zástupce.lnk - c:\users\Jarek\Desktop\CoreTemp32\Core Temp.exe [2010-8-29 439824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cpuz130;cpuz130;c:\users\Jarek\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-02-20 128928]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-07 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 ALSysIO;ALSysIO;c:\users\Jarek\AppData\Local\Temp\ALSysIO64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF8158.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.254
TCP: Interfaces\{E3AA77E2-E401-4545-8F9F-789DFB68DB47}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\s48togoj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2012-02-20 20:31:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-20 19:31
ComboFix2.txt 2012-02-20 18:32
.
Před spuštěním: Volných bajtů: 30 180 433 920
Po spuštění: Volných bajtů: 29 424 001 024
.
- - End Of File - - E11B4A23F311D2DF91E5EFA25938DEF1

#8 Příspěvek od **vyosek** » 20 úno 2012 20:35

Jak se chova PC

bellian · #9 Příspěvek od **bellian** » 20 úno 2012 20:42

Jeví se celkem bez problémů, zatím se zdá že vš funguje dobře.
Jen mě trochu straší, že mi eset dal do karantény 274 souborů a mezi nimi jsou i věci z Program Files nvidia a další podobné.

Nevím zda je můžu obnovit a nebo ne

.

A teď mi na chvíli vypnul monitor a když se zapnul, tak mi vpravo dole nskočila hláška, ž ovladač nvidia přestal pracovat a byl obnoven

.

#10 Příspěvek od **vyosek** » 20 úno 2012 20:52

Dejte prosim screen karanteny, at mrkneme jako co je oznacil

bellian · #11 Příspěvek od **bellian** » 20 úno 2012 20:57

Prakticky během dvou minut tam naskákali, vždy to napsalo "Soubor byl vyléčen a uložen do karantény".

#12 Příspěvek od **vyosek** » 21 úno 2012 12:25

Neshta je pekna mrcha - tzv. fileinfector - napada exe soubory

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Obnovte soubory z karanteny ESETu - on je presunul ale nejsou polecene, chybi

Udelejte sken avptoolem http://forum.viry.cz/viewtopic.php?f=29&t=58179

bellian · #13 Příspěvek od **bellian** » 21 úno 2012 12:34

Momentálně nejsem u napadeného PC. Až kolem 16:00.

Ten scan avptoolem mám udělat v nouzovém režimu a nebo po obnovení věcí z karanténu, můžu PC spustit normálně?

Děkuji a také vám děkuji za vaší ochotu

.

#14 Příspěvek od **vyosek** » 21 úno 2012 12:40

Prave ze vse v nouzaku - tam nepobezi ani ESET (aby nam jej nahazel zpatky do karanteny) a ani havet by nemela byt aktivni

Jinak neni zac, tohle je leceni vzdy tak trochu risk...urcite zazalohujte dulezita data

bellian · #15 Příspěvek od **bellian** » 21 úno 2012 20:49

Status: Disinfected (events: 201)
21.2.2012 19:40:07 Disinfected virus Virus.Win32.Neshta.a c:\program files (x86)\nvidia corporation\3d vision\nvstview.exe High
21.2.2012 19:40:15 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.1\13449\AcrobatUpdater.exe High
21.2.2012 19:40:16 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.1\13449\ADOBEARM.EXE High
21.2.2012 19:40:16 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.1\13449\AdobeARMHelper.exe High
21.2.2012 19:40:16 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\ARM\Reader_10.1.1\13449\ReaderUpdater.exe High
21.2.2012 19:40:16 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\SETUP.EXE High
21.2.2012 19:40:22 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\Comodo Downloader\geekbuddy.exe High
21.2.2012 19:40:25 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\NVIDIA\Updatus\Download\3FB908F6\drsupdate.r275_21-10165912_RUNASUSER.exe High
21.2.2012 19:40:25 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\NVIDIA\Updatus\WLMERGER.EXE High
21.2.2012 19:40:25 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\All Users\NVIDIA\Updatus\Download\8789D51\drsupdate.r285_58-11403901_RUNASUSER.exe High
21.2.2012 19:40:49 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\.CPU-Z & GPU-Z\GPU-Z.0.5.3.exe High
21.2.2012 19:40:50 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\.CPU-Z & GPU-Z\cpuz32.exe High
21.2.2012 19:40:50 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\.CPU-Z & GPU-Z\cpuz64.exe High
21.2.2012 19:40:50 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\OCCT.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\MSI Afterburner & Kombustor\MSIAfterburnerSetup.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\unins000.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\CUDAMemTest\CUDAMemTest.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\linpack\32\linpack_xeon32.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\linpack\64\linpack_xeon64.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\OCCTGPU\crysis.exe High
21.2.2012 19:40:51 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\OCCTGPU\OCCTGPU.exe High
21.2.2012 19:40:52 Disinfected virus Virus.Win32.Neshta.a C:\Documents and Settings\Jarek\Desktop\OCCT\bin\OCCTTest\occttest.exe High
21.2.2012 19:41:02 Disinfected virus Virus.Win32.Neshta.a C:\MSOCache\All Users\{90140000-006E-0405-1000-0000000FF1CE}-C\dwtrig20.exe High
21.2.2012 19:41:03 Disinfected virus Virus.Win32.Neshta.a C:\MSOCache\All Users\{90140000-006E-0405-1000-0000000FF1CE}-C\DW20.EXE High
21.2.2012 19:41:03 Disinfected virus Virus.Win32.Neshta.a C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe High
21.2.2012 19:41:03 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\setup.exe High
21.2.2012 19:41:03 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\Display.Driver\dbInstaller.exe High
21.2.2012 19:41:03 Disinfected virus Virus.Win32.Neshta.a C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe High
21.2.2012 19:41:04 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\Display.Update\nvlhr.exe High
21.2.2012 19:41:04 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\Display.Update\ComUpdatus.exe High
21.2.2012 19:41:04 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\Display.Update\WLMerger.exe High
21.2.2012 19:41:05 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\Display.Update\daemonu.exe High
21.2.2012 19:41:05 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvSmartMaxapp.exe High
21.2.2012 19:41:05 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvSmartMaxapp64.exe High
21.2.2012 19:41:05 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvvsvc.exe High
21.2.2012 19:41:05 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvTray.exe High
21.2.2012 19:41:06 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvcplui.exe High
21.2.2012 19:41:08 Disinfected virus Virus.Win32.Neshta.a C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7_64\International\DisplayControlPanel\nvxdsync.exe High
21.2.2012 19:41:32 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\1C Company\NecroVisioN Lost Company\Bin\NECROV~1.EXE High
21.2.2012 19:41:32 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\1C Company\NecroVisioN Lost Company\Bin\NVServer.exe High
21.2.2012 19:41:32 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\1C Company\NecroVisioN Lost Company\Bin\disp.exe High
21.2.2012 19:41:32 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\1C Company\NecroVisioN Lost Company\Bin\protect.exe High
21.2.2012 19:41:32 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\64BitMAPIBroker.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroBroker.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Eula.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\LogTransport2.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Adobe\Reader 10.0\Reader\wow_helper.exe High
21.2.2012 19:41:33 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\nwn2.exe High
21.2.2012 19:41:34 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\nwloader.exe High
21.2.2012 19:41:34 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\Loader.exe High
21.2.2012 19:41:34 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\NWN2LA~1.EXE High
21.2.2012 19:41:34 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\NWN2SC~1.EXE High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\nwn2main.exe High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\NWN2MA~1.EXE High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\NWN2SE~1.EXE High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\NWN2TO~1.EXE High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\nwupdate.exe High
21.2.2012 19:41:35 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\SERVER~1.EXE High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\Uninstal.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\Utils\nwn2stub.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Atari\NEVERW~1\Utils\DEBUGS~1.EXE High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\EasyFMSI.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSICompat.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSIScan.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSIX.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver2.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\ISBEW64.exe High
21.2.2012 19:41:36 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe High
21.2.2012 19:41:37 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe High
21.2.2012 19:41:37 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe High
21.2.2012 19:41:37 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\PX Storage Engine\pxcpya64.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\PX Storage Engine\pxcpyi64.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\PX Storage Engine\pxhpinst.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\PX Storage Engine\pxinsa64.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\PX Storage Engine\pxinsi64.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Windows Live\.cache\24a99da81cc9f0701\DXSETUP.exe High
21.2.2012 19:41:38 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Windows Live\.cache\2909108d1cc9f0702\DXSETUP.exe High
21.2.2012 19:41:39 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\DTHelper.exe High
21.2.2012 19:41:39 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\dtsoftbusinst64.exe High
21.2.2012 19:41:40 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\InstallGadget.exe High
21.2.2012 19:41:40 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe High
21.2.2012 19:41:40 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Common Files\Windows Live\.cache\38c3a1b21cc9f0704\bingbarsetup.exe High
21.2.2012 19:41:40 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x86.exe High
21.2.2012 19:41:41 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe High
21.2.2012 19:41:41 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\FileHippo.com\Uninstall.exe High
21.2.2012 19:41:41 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\GameSpy Arcade\fpupdate.exe High
21.2.2012 19:41:42 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\GameSpy Arcade\GSAPak.exe High
21.2.2012 19:41:42 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\GameSpy Arcade\UNWISE.EXE High
21.2.2012 19:41:42 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\GameSpy Arcade\RptCrash.exe High
21.2.2012 19:41:42 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\GameSpy Arcade\Services\_common\RWVoice.exe High
21.2.2012 19:41:43 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\InstallShield Installation Information\{53F4D~1\setup.exe High
21.2.2012 19:41:44 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe High
21.2.2012 19:41:44 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe High
21.2.2012 19:41:44 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\InstallShield Installation Information\{F20C1~1\setup.exe High
21.2.2012 19:41:45 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\java.exe High
21.2.2012 19:41:45 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\javacpl.exe High
21.2.2012 19:41:45 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\javaw.exe High
21.2.2012 19:41:46 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\javaws.exe High
21.2.2012 19:41:46 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\jbroker.exe High
21.2.2012 19:41:46 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\jqs.exe High
21.2.2012 19:41:46 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\jqsnotify.exe High
21.2.2012 19:41:46 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Java\jre6\bin\unpack200.exe High
21.2.2012 19:41:47 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\dotNetFx40_Client_setup.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Redist\DirectX\DXSETUP.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\coregen.exe High
21.2.2012 19:41:48 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe High
21.2.2012 19:41:49 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe High
21.2.2012 19:41:49 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Mozilla Firefox\updater.exe High
21.2.2012 19:41:49 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe High
21.2.2012 19:41:49 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\MSI Afterburner\Uninstall.exe High
21.2.2012 19:41:50 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe High
21.2.2012 19:41:51 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\MSI Afterburner\Redist\vcredist_x86.exe High
21.2.2012 19:41:51 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\MSI Afterburner\SDK\Samples\SharedMemory\MACMSharedMemorySample\Release\MACMSharedMemorySample.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStereoUtilityOGL.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvsttest.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\ComUpdatus.exe High
21.2.2012 19:41:52 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\Nvlhr.exe High
21.2.2012 19:41:53 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstwiz.exe High
21.2.2012 19:41:53 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\WLMerger.exe High
21.2.2012 19:41:53 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\OpenAL\oalinst.exe High
21.2.2012 19:41:56 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\The Elder Scrolls V Skyrim\DirectX10\DXSETUP.exe High
21.2.2012 19:41:56 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\The KMPlayer\KMPSetup.exe High
21.2.2012 19:41:57 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\The Elder Scrolls V Skyrim\VCRedist\vcredist_x86.exe High
21.2.2012 19:41:57 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\The KMPlayer\uninstall.exe High
21.2.2012 19:41:57 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\Uninstal.exe High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\dosbox.exe High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\DOS4GW.EXE High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\INSTALL.EXE High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\INTRO.EXE High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\MPSCOPY.EXE High
21.2.2012 19:41:58 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\UFOEDIT.EXE High
21.2.2012 19:41:59 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe High
21.2.2012 19:41:59 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\UFO2EXE\TACTICAL.EXE High
21.2.2012 19:41:59 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Ufo\C\UFOEXE\GEOSCAPE.EXE High
21.2.2012 19:41:59 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe High
21.2.2012 19:42:00 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Winamp\UninstWA.exe High
21.2.2012 19:42:01 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Companion\companionuser.exe High
21.2.2012 19:42:01 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Winamp Detect\UninstWaDetect.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Installer\defmgr.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Mesh\MOE.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Photo Gallery\WLXCodecHost.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Photo Gallery\WLXTranscode.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe High
21.2.2012 19:42:02 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoAcquireWizard.exe High
21.2.2012 19:42:03 Disinfected virus Virus.Win32.Neshta.a C:\Program Files (x86)\X-Com\Uninstal.exe High
21.2.2012 19:44:19 Disinfected virus Virus.Win32.Neshta.a D:\install.exe High
21.2.2012 19:48:04 Disinfected virus Virus.Win32.Neshta.a D:\FirefoxPortable\FirefoxPortable.exe High
21.2.2012 19:48:15 Disinfected virus Virus.Win32.Neshta.a D:\FirefoxPortable\App\Firefox\firefox.exe High
21.2.2012 19:57:17 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\Armageddon.riders.Clutch\crack\Clutch.exe High
21.2.2012 19:57:22 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\DeusEx Human revolution (2011)\DeusEx_HR-nonsteam-ceština.exe High
21.2.2012 19:57:24 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\GTA.IV\Patch, Cestina, crack\gta4cestina02-0101\MagicIV.exe High
21.2.2012 19:57:24 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\GTA.IV\Patch, Cestina, crack\GTA_IV_1.0.4.0__Razor1911_patch___crack\GTA IV 1.0.4.0 patch + crack\crack 1.0.4.0 - Razor1911\LaunchGTAIV.exe High
21.2.2012 19:57:45 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\GTA.IV\Patch, Cestina, crack\gta4cestina02-0101\gta_iv_cestina_02.exe High
21.2.2012 19:58:06 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\S.T.A.L.K.E.R. - Shadow of Chernobyl\Crack v1.0006\XR_3DA.exe High
21.2.2012 19:58:30 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\1\S.T.A.L.K.E.R. - Shadow of Chernobyl\Patch v1.0005 na v1.0006\stk-sck-efigspc-patch-5-6.exe High
21.2.2012 20:00:11 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\Neverwinter Nights 2 Platinum Collection\CZ setup.exe High
21.2.2012 20:02:14 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\FreeArc 0.666.exe High
21.2.2012 20:02:17 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\Core\activation.exe High
21.2.2012 20:02:18 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\Core\EACoreServer.exe High
21.2.2012 20:02:21 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\Core\EAProxyInstaller.exe High
21.2.2012 20:02:22 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\Core\PatchProgress.exe High
21.2.2012 20:02:51 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\__Installer\Cleanup.exe High
21.2.2012 20:02:53 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\__Installer\Touchup.exe High
21.2.2012 20:08:03 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\__Installer\directx\redist\DXSETUP.exe High
21.2.2012 20:18:59 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\__Installer\vc\vc2008sp1\redist\vcredist_x86.exe High
21.2.2012 20:19:03 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\S.T.A.L.K.E.R Clear Sky (cz) (pc) (2008)\Crack pro 64 Bit\xrEngine.exe High
21.2.2012 20:19:36 Disinfected virus Virus.Win32.Neshta.a D:\Hry\1\StarCraft 2 Wings Of Liberty (2010)\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\All in One skirmish crack\SC2ALLin1_setup1033.exe High
21.2.2012 20:40:40 Disinfected virus Virus.Win32.Neshta.a D:\Instalacky\3D Mark 11 + Keygen (WeedLoadz)\3D Mark 11\3D mark 11 keygen.exe High
21.2.2012 20:41:38 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\.CPU-Z & GPU-Z\cpuz32.exe High
21.2.2012 20:41:41 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\.CPU-Z & GPU-Z\cpuz64.exe High
21.2.2012 20:41:42 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\CoreTemp32\Core Temp.exe High
21.2.2012 20:41:43 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\.CPU-Z & GPU-Z\GPU-Z.0.5.3.exe High
21.2.2012 20:41:51 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\MSI Afterburner & Kombustor\MSIAfterburnerSetup.exe High
21.2.2012 20:41:52 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\OCCT.exe High
21.2.2012 20:41:54 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\unins000.exe High
21.2.2012 20:41:54 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\CUDAMemTest\CUDAMemTest.exe High
21.2.2012 20:41:55 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\linpack\32\linpack_xeon32.exe High
21.2.2012 20:41:55 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\OCCTGPU\crysis.exe High
21.2.2012 20:41:57 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\OCCTGPU\OCCTGPU.exe High
21.2.2012 20:42:01 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\linpack\64\linpack_xeon64.exe High
21.2.2012 20:42:03 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\OCCT\bin\OCCTTest\occttest.exe High
21.2.2012 20:42:08 Disinfected virus Virus.Win32.Neshta.a D:\Zaloha\Picture-Motion-Browser-53-CZ\PMB_5_3CZ.exe High
Status: Deleted (events: 2)
21.2.2012 19:40:30 Deleted virus EICAR-Test-File C:\Documents and Settings\Jarek\AppData\Local\Temp\Av-test.txt High
21.2.2012 19:42:53 Deleted virus Virus.Win32.Neshta.a C:\Windows\svchost.com High
Status: Detected (events: 16)
21.2.2012 19:57:19 Detected virus Virus.Win32.Neshta.a D:\Hry\1\1\Duke Nukem Forever (2011)\Duke_Nukem_Forever_SP_Cz_Final.exe High
21.2.2012 20:18:55 Detected virus Virus.Win32.Neshta.a D:\Hry\1\NFS.The.Run\Need for Speed - The Run\Need for Speed - The Run\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe High
21.2.2012 20:18:57 Detected virus Virus.Win32.Neshta.a D:\Hry\1\S.T.A.L.K.E.R Clear Sky (cz) (pc) (2008)\Crack pro 32 Bit\xrEngine.exe High
21.2.2012 20:19:01 Detected virus Virus.Win32.Neshta.a D:\Hry\1\Serious Sam 3\unins000.exe High
21.2.2012 20:19:15 Detected virus Virus.Win32.Neshta.a D:\Hry\1\Serious Sam 3\Redist\DirectX\DXSETUP.exe High
21.2.2012 20:19:20 Detected virus Virus.Win32.Neshta.a D:\Hry\1\StarCraft 2 Wings Of Liberty (2010)\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\StarCraftII_CZ_1.1.3.exe High
21.2.2012 20:19:23 Detected virus Virus.Win32.Neshta.a D:\Hry\1\StarCraft 2 Wings Of Liberty (2010)\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\Starcraft 2-serial,patch,crack,skirmish crack,maps,Cz\crack1.113\Crack\StarCraft II.exe High
21.2.2012 20:19:24 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls III Complete.CZ\TES3_Complete_CZ\čeština\lgomorrowindczechaio108.exe High
21.2.2012 20:19:31 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Crack\1\Oblivion.exe High
21.2.2012 20:19:37 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Oblivion Plus\Oficiální DLC\Oblivion - Mehrunes Razor.exe High
21.2.2012 20:19:37 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Oblivion Plus\Oficiální DLC\Oblivion - Spell Tomes.exe High
21.2.2012 20:19:37 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Oblivion Plus\Oficiální DLC\Oblivion - Vile Lair.exe High
21.2.2012 20:19:38 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Oblivion Plus\Oficiální DLC\Oblivion - Thieves Den.exe High
21.2.2012 20:19:38 Detected virus Virus.Win32.Neshta.a D:\Hry\1\The Elder Scrolls\The Elder Scrolls IV Oblivion 5th\Oblivion Plus\Oficiální DLC\Oblivion - Horse Armor Pack.exe High
21.2.2012 20:19:47 Detected virus Virus.Win32.Neshta.a D:\Hry\1\X-MenOriginsCz\X-MenOriginsCz.exe High
21.2.2012 20:19:47 Detected virus Virus.Win32.Neshta.a D:\Hry\NECROV~1\NECROV~1\Crack\NECROV~1.EXE High

VIRY.CZ

ESET hlási viry a není platna aplikace typu win32

ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32

Re: ESET hlási viry a není platna aplikace typu win32