Win32/Olmarik.TDL4.trojan - please help

buhtak
Visitor, posts: 25, registered: 30 Mar 2012 13:06

Win32/Olmarik.TDL4.trojan - please help

#1 Post by buhtak »

Good day. ESET NOD32 antivirus found this type of trojan horse on my machine and I have already tried to delete it with various programs, but nothing helped; I still have it on the PC and I have the feeling it is downloading more viruses...
I have Windows 7 Home edition 32bit, the virus crashed it several times and a BSOD appeared too.. moreover some files disappeared from my desktop and from the Start menu... when I found out I had this virus on the PC I immediately looked for possible solutions on the internet; I found one site where they advised me to try several programs for removing this virus, but some did not find the virus at all or could not remove it..
the programs tdsskiller and aswMBR will not start at all; I have the impression that this is caused by that very virus. I also used Gmer mbr, but it did not find this virus at all... I would like to point out that I have an illegal NOD, which however I did not install myself, and I did not know it was illegal..

vyosek
VIP, posts: 56373, registered: 07 Nov 2006 15:24, location: Šalingrad - Brno

Re: Win32/Olmarik.TDL4.trojan - please help

#2 Post by vyosek »

Hello and have a nice day :)

→ We will deal with the illegal NOD later - we do not support that here - see the forum rules

→ Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
  • Wait for the PreScan to finish
  • Choose the Scan option (Prohledat)
  • When the scan finishes, click Report (Zpráva) - a log opens, paste it here
→ Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Preferably save it to the desktop
  • If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
  • Click Report
  • After a moment a log appears in the file MBRScan.txt, paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.


Re: Win32/Olmarik.TDL4.trojan - please help

#3 Post by buhtak »

sorry for the delay, I was away but I am back now :)

so, the RogueKiller log:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7600 ) 32 bits version
Spustené v : Normálny režim
Užívateľ: chlopi [Práva Správcu]
Režim: Kontrola -- Dátum: 03/30/2012 15:24:14

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 22 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\chlopi\Desktop\uTorrent.exe" /MINIMIZED) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Antivirus Protection 2012 SM (C:\Users\chlopi\AppData\Roaming\Antivirus Protection 2012\securitymanager.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1871977560-501710343-4259429351-1001[...]\Run : uTorrent ("C:\Users\chlopi\Desktop\uTorrent.exe" /MINIMIZED) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1871977560-501710343-4259429351-1001[...]\Run : Antivirus Protection 2012 SM (C:\Users\chlopi\AppData\Roaming\Antivirus Protection 2012\securitymanager.exe) -> FOUND
[SUSP PATH] {460C32A4-41F5-4A1B-A310-651D33DE83EA}.job @ : C:\Users\chlopi\Desktop\ChromeSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([INLINE] Unknown @ 0x86959FA9)

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721064CLA332 ATA Device +++++
--- User ---
[MBR] 72f22a34025dad34d0c32f422e472066
[BSP] 5082a8259f82b371c48ab2160f179237 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305617 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 626110464 | Size: 296300 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1232932864 | Size: 8452 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4296d6887ca52a3e1b7461339c318336
[BSP] 2def955a408f4541371584911fa1fd97 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305617 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 626110464 | Size: 296300 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1232932864 | Size: 8452 Mo

Dokončené : << RKreport[1].txt >>
RKreport[1].txt


and the MBRScan log:


MBRScan v1.1.1

OS : Windows 7 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/03/30 (ISO 8601) at 15:55:15
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __Hitachi HDS721064CLA332 (JPGOA3BF)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 596.2 Go [Fixed] ==> MaxSS.SST.B MBR Code

MBR_MD5 : 4296D6887CA52A3E1B7461339C318336
MBR_SHA1 : 689CF55736C5B92EA3AF4E191EE336AC7AFAB5D9

Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 298.5 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 8.25 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition4 289.4 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\System32\Drivers\sptd.sys => LOCKED!
ADDRESS : 0x83AAE000
SIZE : 1.07 Mo

DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x97911000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x9791C000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x97925000
SIZE : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN IN MINT

________________________________________________________________________________

_____FAKED \Device\Harddisk0\DR0


__ORIGINAL \Device\Harddisk0\DR0



May I put the logs in code tags?
Last edited by vyosek on 30 Mar 2012 15:19, edited 1 time in total.
Reason: logs removed from code tags
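The MBR check in the two logs above (the user-mode read matches LL1 but not the lower-level LL2 read, while the partition table is identical in both, which RogueKiller reports as Root.MBR) can be reproduced offline. This is an added example, not code from RogueKiller or MBRScan; it assumes the standard MBR layout (partition table at 0x1BE, 0x55AA signature at 0x1FE), and the sample sectors are constructed, with only the partition layout copied from the logs in this thread.

```python
"""Compare a user-mode MBR read with a lower-level read, the way the
"User != LL2 ... KO!" line in the RogueKiller log is produced.

Assumption: classic 512-byte MBR, four 16-byte partition entries at 0x1BE,
0x55AA signature at 0x1FE. Sample sectors below are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
PT_OFFSET = 0x1BE        # start of the 4-entry partition table
SIG_OFFSET = 0x1FE       # 0x55AA boot signature
ENTRY_FMT = "<B3xB3xII"  # status, CHS(skipped), type, CHS(skipped), LBA start, sector count


@dataclass(frozen=True)
class PartitionEntry:
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mib(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the partition table; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, type_id, lba, count = struct.unpack(ENTRY_FMT, raw)
        if type_id == 0:  # unused slot
            continue
        entries.append(PartitionEntry(status == 0x80, type_id, lba, count))
    return entries


def build_mbr(bootstrap: bytes, entries: List[PartitionEntry]) -> bytes:
    """Assemble a 512-byte sector from bootstrap code and partition entries."""
    code = bootstrap.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if e.active else 0x00, e.type_id, e.lba_start, e.sectors)
        for e in entries
    ).ljust(64, b"\x00")
    return code + table + b"\x55\xAA"


def compare_reads(user_read: bytes, lowlevel_read: bytes) -> dict:
    """Compare what user mode sees with what a lower-level read returns.

    A bootkit that hooks the disk driver (atapi.sys in the logs above) hands
    user-mode callers the original sector, so the two reads only diverge when
    the hook is bypassed. The tell-tale pattern is: bootstrap code differs,
    partition table identical.
    """
    user_pt = parse_partition_table(user_read)
    low_pt = parse_partition_table(lowlevel_read)
    same_code = user_read[:PT_OFFSET] == lowlevel_read[:PT_OFFSET]
    same_table = user_pt == low_pt
    if same_code and same_table:
        verdict = "OK"
    elif same_table:
        verdict = "ROOT.MBR"            # hidden bootstrap replacement
    else:
        verdict = "PARTITION_MISMATCH"  # something else is being faked
    return {
        "verdict": verdict,
        "user_md5": hashlib.md5(user_read).hexdigest(),
        "lowlevel_md5": hashlib.md5(lowlevel_read).hexdigest(),
        "partitions": low_pt,
    }


# Constructed sample: partition layout taken from the RogueKiller log in this
# thread (offsets in sectors); the bootstrap code is placeholder bytes.
LAYOUT = [
    PartitionEntry(True, 0x07, 2048, 204800),           # 100 MiB system partition
    PartitionEntry(False, 0x07, 206848, 625903616),     # ~305617 MiB
    PartitionEntry(False, 0x0F, 626110464, 606822400),  # extended, ~296300 MiB
    PartitionEntry(False, 0x07, 1232932864, 17310384),  # ~8452 MiB recovery
]
CLEAN_BOOTSTRAP = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"constructed clean code"
PATCHED_BOOTSTRAP = b"\x31\xC0\x8E\xD0\xBC\x00\x7C" + b"constructed patched code"

USER_READ = build_mbr(CLEAN_BOOTSTRAP, LAYOUT)        # what the hook shows user mode
LOWLEVEL_READ = build_mbr(PATCHED_BOOTSTRAP, LAYOUT)  # what is actually on disk


if __name__ == "__main__":
    result = compare_reads(USER_READ, LOWLEVEL_READ)
    print("User vs LL2:", result["verdict"])
    for n, p in enumerate(result["partitions"]):
        flag = "ACTIVE" if p.active else "XXXXXX"
        print(f"{n} - [{flag}] type 0x{p.type_id:02x} offset {p.lba_start} | size {p.size_mib} MiB")
```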


Re: Win32/Olmarik.TDL4.trojan - please help

#4 Post by vyosek »

→ No, do not put the logs in code tags

→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the option Change parameters
  • In both panes (Objects to scan and Additional options) tick every option - every checkbox must have a tick
  • Click OK
  • Tell the utility to scan - click Start Scan
  • When the scan finishes a window appears; check that the option Skip is set everywhere
  • If Skip is not the default option, switch it to Skip
  • Once you have Skip everywhere, click Continue
  • On the drive where you have Windows (usually c:\) there will be a log named in the form TDSSKiller.some digits_log.txt - paste its contents here


Re: Win32/Olmarik.TDL4.trojan - please help

#5 Post by buhtak »

that is exactly the problem: I downloaded TDSSKiller, it sits on the desktop as normal, but when I click it, it does not start at all; it just seems to be loading and then nothing..


Re: Win32/Olmarik.TDL4.trojan - please help

#6 Post by vyosek »

→ Run RogueKiller again
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
  • Choose Scan (Prohledat), then Delete (Smazat) and then Report (Zpráva) - a log opens, paste it here
  • Then click Host Fix (Oprava Host) and Report - a log opens, paste it here
  • Then click Proxy Fix (Oprava Proxy) and Report - a log opens, paste it here


Re: Win32/Olmarik.TDL4.trojan - please help

#7 Post by buhtak »

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7600 ) 32 bits version
Spustené v : Normálny režim
Užívateľ: chlopi [Práva Správcu]
Režim: Odebrať -- Dátum: 03/30/2012 16:44:10

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 22 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\chlopi\Desktop\uTorrent.exe" /MINIMIZED) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Antivirus Protection 2012 SM (C:\Users\chlopi\AppData\Roaming\Antivirus Protection 2012\securitymanager.exe) -> DELETED
[SUSP PATH] {3141B459-4826-4BAF-95C8-E9B9FFA1B612}.job @ : C:\Users\chlopi\Desktop\tdsskiller.exe -> DELETED
[SUSP PATH] {3943AF5E-726F-4ACC-881D-E92D3C8039AB}.job @ : C:\Users\chlopi\Desktop\tdsskiller.exe -> DELETED
[SUSP PATH] {460C32A4-41F5-4A1B-A310-651D33DE83EA}.job @ : C:\Users\chlopi\Desktop\ChromeSetup.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\chlopi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([INLINE] Unknown @ 0x86959FA9)

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721064CLA332 ATA Device +++++
--- User ---
[MBR] 72f22a34025dad34d0c32f422e472066
[BSP] 5082a8259f82b371c48ab2160f179237 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305617 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 626110464 | Size: 296300 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1232932864 | Size: 8452 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4296d6887ca52a3e1b7461339c318336
[BSP] 2def955a408f4541371584911fa1fd97 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305617 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 626110464 | Size: 296300 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1232932864 | Size: 8452 Mo

Dokončené : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7600 ) 32 bits version
Spustené v : Normálny režim
Užívateľ: chlopi [Práva Správcu]
Režim: Oprava HOSTS -- Dátum: 03/30/2012 16:47:21

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončené : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7600 ) 32 bits version
Spustené v : Normálny režim
Užívateľ: chlopi [Práva Správcu]
Režim: Oprava Proxy -- Dátum: 03/30/2012 16:49:00

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤

¤¤¤ Záznamy Registrov: 0 ¤¤¤

Dokončené : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Re: Win32/Olmarik.TDL4.trojan - please help

#8 Post by vyosek »

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • When the scan finishes, and after a possible restart, CF shows a log; otherwise you can find it at C:\ComboFix.txt - paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix


Re: Win32/Olmarik.TDL4.trojan - please help

#9 Post by buhtak »

I used RKill, everything ok, then I ran Combofix exactly according to the instructions... my desktop icons came back and the PC works a little faster, but I still have problems.. for example Skype would not start ever since I had that virus and it still does not (it stops working after I launch it), and the antivirus keeps warning me about viruses such as Win32/PSW.Agent.NTM.trojan, Win32/Kryptik.EJH.trojan.

Combofix log:

ComboFix 12-03-31.02 - chlopi . 03. 2012 14:00:02.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.2119 [GMT 2:00]
Running from: c:\users\chlopi\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chlopi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\result.txt
c:\windows\system32\tmp9195.tmp
c:\windows\system32\tmp9196.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 12:38 . 2012-03-31 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 18:25 . 2012-03-29 20:54 -------- d-----w- c:\users\chlopi\AppData\Roaming\Antivirus Protection 2012
2012-03-29 15:50 . 2012-03-29 16:16 -------- d-----w- C:\sh4ldr
2012-03-29 15:50 . 2012-03-29 15:50 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 15:50 . 2012-03-29 16:16 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-29 15:32 . 2012-03-29 15:32 -------- d-sh--w- c:\users\chlopi\%APPDATA%
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\users\chlopi\AppData\Roaming\Malwarebytes
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\program files\ERUNT
2012-03-25 18:04 . 2012-03-25 18:04 -------- d-----w- c:\users\chlopi\AppData\Roaming\TrojanHunter
2012-03-25 17:58 . 2012-03-25 18:32 -------- d-----w- c:\program files\TrojanHunter 5.3
2012-03-25 17:46 . 2012-03-25 18:32 -------- d-----w- c:\program files\Trojan Remover
2012-03-24 21:31 . 2012-03-24 21:46 -------- d-----w- c:\program files\PC Drummer Trial Edition
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\ASIO4ALL v2
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\VstPlugins
2012-03-20 16:05 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\Outsim
2012-03-20 16:04 . 2012-03-20 16:05 -------- d-----w- c:\program files\Image-Line
2012-03-10 22:10 . 2012-03-10 22:11 -------- d-----w- c:\program files\GuitArt
2012-03-08 16:01 . 2012-03-08 16:01 687653 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-03-08 16:00 . 2012-03-29 17:21 -------- d-----w- c:\program files\Counter-Strike 1.6 Standalone
2012-03-08 16:00 . 2012-03-08 16:00 -------- d-----w- c:\program files\Common Files\Thraex Software
2012-03-06 20:21 . 2012-03-06 20:21 -------- d-----w- c:\program files\Common Files\Skype
2012-03-06 16:18 . 2012-03-06 16:18 -------- d-----w- c:\program files\Porrasturvat
2012-03-04 14:44 . 2012-03-04 14:44 -------- d-----w- c:\program files\Rockstar Games
2012-03-02 10:54 . 2012-03-02 10:54 5164704 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 12:25 . 2010-12-01 14:26 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-11 12:25 . 2010-12-01 14:26 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-11 12:25 . 2010-10-05 18:03 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-04 09:56 . 2010-10-23 14:39 2516 --sha-w- c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-31 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-31 10:00 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-31 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-31 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"EADM"="c:\program files\Origin\Origin.exe" [2011-09-23 27763336]
"Facebook Update"="c:\users\chlopi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"uTorrent"="c:\users\chlopi\Desktop\uTorrent.exe" [2012-03-03 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"ats"="c:\windows\system32\asd\loadqm.exe" [2005-08-26 659456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
.
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 12:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BATINDICATOR]
2009-05-08 23:39 2068992 ----a-w- c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP KEYBOARDx]
2010-02-11 17:07 710656 ----a-w- c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchHPOSIAPP]
2009-04-04 01:24 385024 ----a-w- c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-14 22:53 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 BopItU2U;BopIt Serial port driver;c:\windows\system32\DRIVERS\BopItU2U.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 82048]
R3 OxSer;OxSer;c:\windows\system32\DRIVERS\OxSer.sys [2009-09-16 83888]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-20 436792]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
- c:\users\chlopi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 16:37]
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
- c:\users\chlopi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 16:37]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 07:24]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-14 07:24]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
- c:\users\chlopi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 11:41]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
- c:\users\chlopi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 11:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: di.slik.es - the Facebook Dislike Button: dislikes@dige - %profile%\extensions\dislikes@dige
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\17.0.963.83\Installer\setup.exe
AddRemove-Antivirus Protection 2012 - c:\users\chlopi\AppData\Roaming\Antivirus Protection 2012\securityhelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1871977560-501710343-4259429351-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3f,b2,3c,ad,5d,e2,ab,b4,29,7e,d3,bf,b4,c3,99,99,8f,19,a7,86,71,0b,64,
57,5e,74,3f,67,6e,70,a0,f5,34,93,3a,73,78,42,c5,a1,0d,4e,3a,44,8c,16,4d,f8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1871977560-501710343-4259429351-1001\Software\SecuROM\License information*]
"datasecu"=hex:3f,31,f4,66,28,9f,91,6f,2c,04,bb,d3,78,2f,4b,af,f6,0c,3d,cb,84,
bf,f5,0b,98,cd,50,44,fd,56,fd,7a,da,28,e4,6e,8f,16,5b,99,e5,34,95,45,76,97,\
"rkeysecu"=hex:76,f9,6d,c7,83,25,2e,f5,e9,63,63,cb,48,e5,44,34
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4952)
c:\windows\System32\netprofm.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-03-31 15:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 13:03
.
Pre-Run: 11 245 154 304 bytes free
Post-Run: 14 527 320 064 bytes free
.
- - End Of File - - 81CD702632F671F31A4F71C561010555

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Olmarik.TDL4.trojan - please help

#10 Post by vyosek »

:arrow: Uninstall TrojanHunter and Trojan Remover

:arrow: If it is not there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\users\chlopi\AppData\Roaming\Antivirus Protection 2012
    c:\users\chlopi\%APPDATA%
    c:\users\chlopi\AppData\Roaming\TrojanHunter
    c:\program files\TrojanHunter 5.3
    c:\program files\Trojan Remover
    c:\program files\uTorrentBar
    c:\program files\Ask.com
    c:\users\chlopi\AppData\Local\Facebook\Update
    
    File::
    c:\program files\Softonic-Eng7\prxtbSof2.dll
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
    
    DDS::
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    
    Firefox::
    FF - ProfilePath - c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\
    FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1871977560-501710343-4259429351-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-1871977560-501710343-4259429351-1001\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=-
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"=-
    "Facebook Update"=-
    "Skype"=-
    "uTorrent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    "ApnUpdater"=-
    "ISUSScheduler"=-
    "SunJavaUpdateSched"=-
    "DivXUpdate"=-
    "Malwarebytes' Anti-Malware"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    
    Driver::
    gupdate
    gupdatem
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    [image]
  • After the script is applied (and after a possible restart) a log will appear; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
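A way to read a CFScript like the one above against the ComboFix log it was written for, as an added example that is not ComboFix's own code nor part of the forum post: it splits the script into its `Section::` blocks and checks every `"name"=-` registry deletion against the Run entries a ComboFix log documents, so a helper can see which deletions the log actually backs up. The script and log text inside are constructed excerpts copied from this thread, not complete files.

```python
"""Read a ComboFix CFScript against the log it was written for.

Added example for this thread (not ComboFix's own code); the script and log
text below are constructed excerpts copied from the thread, not full files."""
import re

# Excerpt of the CFScript posted in the thread (constructed sample).
CFSCRIPT = r"""
Folder::
c:\users\chlopi\AppData\Roaming\Antivirus Protection 2012

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"DivXUpdate"=-
"Malwarebytes' Anti-Malware"=-
[-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

Reboot::
"""

# Run-key lines as ComboFix prints them in its log (constructed excerpt).
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. "Registry::"
VALUE_DEL_RE = re.compile(r'^"(.+)"=-$')          # e.g. "ApnUpdater"=-
LOG_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')  # "name"="image path" [date size]


def parse_cfscript(text):
    """Split a CFScript into a mapping: section name -> its directive lines."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError("directive outside any section: %r" % line)
        else:
            current.append(line)
    return sections


def registry_deletions(reg_lines):
    """Map Registry:: lines to (key, value): '[-KEY]' deletes the whole key
    (value None); '"name"=-' under a plain '[KEY]' header deletes one value."""
    out, key = [], None
    for line in reg_lines:
        if line.startswith("[-") and line.endswith("]"):
            out.append((line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_DEL_RE.match(line)
            if m and key:
                out.append((key, m.group(1)))
    return out


def parse_run_entries(log_text):
    """Collect (key, value name) -> image path from [KEY] blocks of a ComboFix log."""
    entries, key = {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        else:
            m = LOG_VALUE_RE.match(line)
            if m and key:
                entries[(key, m.group(1))] = m.group(2)
    return entries


def cross_check(script_text, log_text):
    """Return (matched, unmatched) lists of (value name, image path or None):
    a single-value deletion is matched when the log documents that value
    under the same key (registry paths compared case-insensitively)."""
    sections = parse_cfscript(script_text)
    entries = parse_run_entries(log_text)
    matched, unmatched = [], []
    for key, value in registry_deletions(sections.get("Registry", [])):
        if value is None:
            continue  # whole-key deletions have no single Run entry to match
        path = entries.get((key.lower(), value))
        (matched if path else unmatched).append((value, path))
    return matched, unmatched
```

Run against a full CFScript and log before applying the script to spot registry deletions that the log never documented.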

buhtak
Guest
Posts: 25
Registered: 30 Mar 2012 13:06

Re: Win32/Olmarik.TDL4.trojan - please help

#11 Post by buhtak »

Well, the log did not appear after the restart, so I don't know where it could be.. but this is really annoying me now, the virus is still there and wreaking havoc, it probably got hold of some of my login details :( I found that out yesterday because I got an e-mail that someone had logged into my FB.. I immediately changed my passwords on another PC

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Olmarik.TDL4.trojan - please help

#12 Post by vyosek »

Yes, these pests like doing that = they steal passwords and pass them around to others

Try running TDSSKiller

buhtak
Guest
Posts: 25
Registered: 30 Mar 2012 13:06

Re: Win32/Olmarik.TDL4.trojan - please help

#13 Post by buhtak »

it does nothing.. I ran it from the desktop and nothing happened

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Olmarik.TDL4.trojan - please help

#14 Post by vyosek »

Apply the ComboFix script in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

buhtak
Guest
Posts: 25
Registered: 30 Mar 2012 13:06

Re: Win32/Olmarik.TDL4.trojan - please help

#15 Post by buhtak »

okay, here is the log

ComboFix 12-03-31.02 - chlopi . 04. 2012 16:56:41.3.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.2558 [GMT 2:00]
Running from: c:\users\chlopi\Desktop\ComboFix.exe
Command switches used :: c:\users\chlopi\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files\Softonic-Eng7\prxtbSof2.dll"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Trojan Remover
c:\program files\TrojanHunter 5.3
c:\program files\uTorrentBar
c:\users\chlopi\%APPDATA%
c:\users\chlopi\AppData\Local\Facebook\Update
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\chlopi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\chlopi\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012\Activate Antivirus Protection 2012.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012\Antivirus Protection 2012.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012\Help Antivirus Protection 2012.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection 2012\How to Activate Antivirus Protection 2012.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Protection\Activate Antivirus Protection.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Protection\Antivirus Protection.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Protection\Help Antivirus Protection.lnk
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko10.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko5.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko6.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko7.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko8.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko9.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\alertSettingsComponent.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\appContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\fbAlert.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\getAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\postAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\toolbarContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\unsharedAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome.manifest
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome\softonic-eng7.jar
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\manifest.mf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.rsa
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.sf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\DataStructures.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\EBEncryption.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\ExternalLibraryLoader.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\HTTP.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Chat.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\IO.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Log.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\MainSingleton.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\MD5.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Notifications.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\ObserversAndEvents.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Prefs.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\SearchProtector.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\SearchSuggestIO.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\String.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\TEAEncryption.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Timer.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Twitter.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\URL.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\Windows.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\modules\XML.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\version.txt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\DataStructures.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\EBEncryption.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\HTTP.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Chat.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\IO.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Log.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MainSingleton.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MD5.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Notifications.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ObserversAndEvents.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Prefs.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchProtector.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchSuggestIO.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\String.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\TEAEncryption.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Timer.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Twitter.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\URL.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Windows.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\XML.jsm
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\chrome.manifest
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\engine@conduit.com\version.txt
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\defaults\preferences\prefs.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\chrome.manifest
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\chrome\content\ff-overlay.xul
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\chrome\content\icon.png
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\chrome\locale\en-US\overlay.properties
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\plugin2@gameplaylabs.com\setup.ini
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\defaults.js.bak
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js.bak
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome.manifest
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-02-Mar-2012-22-33-12-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-13-May-2011-11-44-07-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-15-Apr-2011-23-12-55-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-30-May-2011-11-45-32-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Jul-2011-15-29-10-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-31-Mar-2012-19-42-07-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-12-Feb-2012-16-45-06-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-17-Nov-2011-16-34-48-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-22-Mar-2012-12-40-21-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-26-May-2011-16-20-02-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-28-Apr-2011-12-54-45-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-03-Jan-2012-19-17-26-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-17-13-09-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-13-51-28-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-13-Sep-2011-18-36-54-GMT\ff-config.zip
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\icon.png
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\install.rdf
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333027918449.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333029927903.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333034498891.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333034509355.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333035667860.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333037848245.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333041690679.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333043392622.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333044139014.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333046995873.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333111647326.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333127952259.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333130114060.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333131843943.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333174068340.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333222447012.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333222524455.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333222595318.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333222925522.html
c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\extensions\toolbar@ask.com\logs\asktb-log-1333222950975.html
c:\users\chlopi\AppData\Roaming\TrojanHunter
c:\users\chlopi\AppData\Roaming\TrojanHunter\TreeState.dat
c:\users\chlopi\Desktop\Internet Security.lnk
c:\windows\system32\asd
c:\windows\system32\asd\AccurateShutdown.exe
c:\windows\system32\asd\adkt.dll
c:\windows\system32\asd\date.cfg
c:\windows\system32\asd\doit.exe
c:\windows\system32\asd\help.chm
c:\windows\system32\asd\images\but0.gif
c:\windows\system32\asd\images\but1.gif
c:\windows\system32\asd\images\but2.gif
c:\windows\system32\asd\images\but3.gif
c:\windows\system32\asd\images\ch0.gif
c:\windows\system32\asd\images\ch1.gif
c:\windows\system32\asd\images\ch2.gif
c:\windows\system32\asd\images\ch3.gif
c:\windows\system32\asd\images\ch4.gif
c:\windows\system32\asd\images\ch5.gif
c:\windows\system32\asd\images\ch6.gif
c:\windows\system32\asd\images\ch7.gif
c:\windows\system32\asd\images\i30.gif
c:\windows\system32\asd\images\i31.gif
c:\windows\system32\asd\images\i310.gif
c:\windows\system32\asd\images\i311.gif
c:\windows\system32\asd\images\i32.gif
c:\windows\system32\asd\images\i33.gif
c:\windows\system32\asd\images\i34.gif
c:\windows\system32\asd\images\i35.gif
c:\windows\system32\asd\images\i36.gif
c:\windows\system32\asd\images\i37.gif
c:\windows\system32\asd\images\i38.gif
c:\windows\system32\asd\images\i39.gif
c:\windows\system32\asd\images\iclose0.gif
c:\windows\system32\asd\images\iclose1.gif
c:\windows\system32\asd\images\opt0.gif
c:\windows\system32\asd\images\opt1.gif
c:\windows\system32\asd\images\opt2.gif
c:\windows\system32\asd\images\opt3.gif
c:\windows\system32\asd\images\opt4.gif
c:\windows\system32\asd\images\opt5.gif
c:\windows\system32\asd\images\opt6.gif
c:\windows\system32\asd\images\opt7.gif
c:\windows\system32\asd\images\tbk.gif
c:\windows\system32\asd\images\tit.gif
c:\windows\system32\asd\images\title.gif
c:\windows\system32\asd\loadqm.exe
c:\windows\system32\asd\mylng.cfg
c:\windows\system32\asd\newsdsave.dll
c:\windows\system32\asd\rule.cfg
c:\windows\system32\asd\unins00.dat
c:\windows\system32\asd\unins00.exe
c:\windows\system32\asd\unins000.exe
c:\windows\system32\asd\w1.wav
c:\windows\system32\asd\YFSysKeys.ocx
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871977560-501710343-4259429351-1001UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 16:02 . 2012-04-03 16:06 -------- d-----w- c:\users\chlopi\AppData\Local\temp
2012-04-03 16:02 . 2012-04-03 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 15:50 . 2012-03-29 16:16 -------- d-----w- C:\sh4ldr
2012-03-29 15:50 . 2012-03-29 15:50 -------- d-----w- c:\program files\Enigma Software Group
2012-03-29 15:50 . 2012-03-29 16:16 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\users\chlopi\AppData\Roaming\Malwarebytes
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 20:03 . 2012-03-25 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\program files\ERUNT
2012-03-24 21:31 . 2012-03-24 21:46 -------- d-----w- c:\program files\PC Drummer Trial Edition
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\ASIO4ALL v2
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\VstPlugins
2012-03-20 16:05 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2012-03-20 16:05 . 2012-03-20 16:05 -------- d-----w- c:\program files\Outsim
2012-03-20 16:04 . 2012-03-20 16:05 -------- d-----w- c:\program files\Image-Line
2012-03-08 16:01 . 2012-03-08 16:01 687653 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-03-08 16:00 . 2012-03-29 17:21 -------- d-----w- c:\program files\Counter-Strike 1.6 Standalone
2012-03-08 16:00 . 2012-03-08 16:00 -------- d-----w- c:\program files\Common Files\Thraex Software
2012-03-06 20:21 . 2012-03-06 20:21 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 12:25 . 2010-12-01 14:26 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-11 12:25 . 2010-12-01 14:26 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-11 12:25 . 2010-10-05 18:03 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-31_12.43.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 16:13 . 2012-04-03 11:50 52144 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-04-03 16:07 46184 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-21 15:33 . 2012-04-03 16:07 14840 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1871977560-501710343-4259429351-1001_UserData.bin
- 2010-09-22 00:23 . 2012-03-31 12:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 00:23 . 2012-04-01 07:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 00:23 . 2012-04-01 07:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-22 00:23 . 2012-03-31 12:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-04-01 07:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-31 12:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-21 15:41 . 2012-04-03 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-21 15:41 . 2012-03-31 12:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-25 17:43 . 2012-04-03 16:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-25 17:43 . 2012-03-31 12:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-25 17:43 . 2012-04-03 16:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-25 17:43 . 2012-03-31 12:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-03-25 17:43 . 2012-03-31 12:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-03-25 17:43 . 2012-04-03 16:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-09-21 15:41 . 2012-04-03 16:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-21 15:41 . 2012-03-31 12:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-21 15:41 . 2012-03-31 12:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-21 15:41 . 2012-04-03 16:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-21 15:41 . 2012-03-31 12:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-21 15:41 . 2012-04-03 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-21 15:41 . 2012-03-31 12:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-21 15:41 . 2012-04-03 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-31 05:36 . 2012-03-31 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 11:48 . 2012-04-03 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 11:48 . 2012-04-03 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-31 05:36 . 2012-03-31 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2012-04-03 13:55 618714 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-31 11:32 618714 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-04-03 13:55 107034 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-03-31 11:32 107034 c:\windows\System32\perfc009.dat
+ 2011-07-06 18:18 . 2012-04-03 13:51 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-07-06 18:18 . 2012-03-30 15:46 262144 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2012-03-30 23:05 483560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-04-02 20:14 483560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:03 . 2012-03-31 11:39 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2012-04-03 13:42 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2012-01-13 13:15 . 2012-01-13 13:15 3745280 c:\windows\Installer\1087f6.msi
+ 2012-01-13 13:15 . 2012-04-01 09:00 3745280 c:\windows\Installer\1087f6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"EADM"="c:\program files\Origin\Origin.exe" [2011-09-23 27763336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
c:\users\chlopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 12:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BATINDICATOR]
2009-05-08 23:39 2068992 ----a-w- c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP KEYBOARDx]
2010-02-11 17:07 710656 ----a-w- c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchHPOSIAPP]
2009-04-04 01:24 385024 ----a-w- c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-10-14 22:53 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 BopItU2U;BopIt Serial port driver;c:\windows\system32\DRIVERS\BopItU2U.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 82048]
R3 OxSer;OxSer;c:\windows\system32\DRIVERS\OxSer.sys [2009-09-16 83888]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-20 436792]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\chlopi\AppData\Roaming\Mozilla\Firefox\Profiles\sg9zka62.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: di.slik.es - the Facebook Dislike Button: dislikes@dige - %profile%\extensions\dislikes@dige
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-886vo8wswek2 - c:\users\chlopi\AppData\Roaming\Antivirus Protection\securityhelper.exe
HKCU-Run-Antivirus Protection 2012 SM - c:\users\chlopi\AppData\Roaming\Antivirus Protection\securitymanager.exe
HKCU-Run-Antivirus Protection 2012 SH - c:\users\chlopi\AppData\Roaming\Antivirus Protection\securityhelper.exe
HKCU-Run-Internet Security - c:\users\chlopi\AppData\Roaming\isecurity.exe
HKLM-Run-ats - c:\windows\system32\asd\loadqm.exe
AddRemove-Accurate Shutdown_is1 - c:\windows\system32\asd\unins000.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\uTorrentBar\UNWISE.EXE
AddRemove-Antivirus Protection - c:\users\chlopi\AppData\Roaming\Antivirus Protection\securityhelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5228)
c:\windows\system32\actxprxy.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-03 18:24:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 16:24
ComboFix2.txt 2012-03-31 13:03
.
Pre-Run: 20 808 962 048 bytes free
Post-Run: 21 462 446 080 bytes free
.
- - End Of File - - 5B8CDECE1F5ACED3A5B8696CEF12E882
