PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Log check.

Have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
blackflag
Guest
Posts: 30
Registered: 25 Oct 2010 17:26

Log check.

#1 Post by blackflag »

Sony Vaio notebook, Win 7 Home Premium 64-bit.
I'd like to ask for a check of the RogueKiller log:

RogueKiller V8.4.0 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : De Luca [Práva Správcu]
Režim : Kontrola -- Dátum : 12/23/2012 23:35:23

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NÁJDENÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NÁJDENÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> NÁJDENÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] b6d06b095a085fe19bf9ec68ac1398f3
[BSP] 9d16187d9a839751867d0747d4a7944c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 158834 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 325498880 | Size: 146308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[1]_S_12232012_02d2335.txt >>
RKreport[1]_S_12232012_02d2335.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#2 Post by Márty84 »

Hello :)

:???: Why did you use RogueKiller? :shock:

:arrow: Run RogueKiller again as administrator (if you haven't closed it yet, click straight on Delete).
A very short test will run, and then the Scan button at the top right becomes available. Click it and another test will run.
When it finishes, click Delete.
Then click Report and a log will appear. Post it here.
Then click Host fix and then Report.
Another log will appear. Post that one here too.
If you have a question that is not intended for the public, you can write to me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an email address in their signature).

blackflag
Guest
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#3 Post by blackflag »

RSIT couldn't be downloaded, so I looked through the guides for something else :)

RogueKiller V8.4.0 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : De Luca [Práva Správcu]
Režim : Odebrať -- Dátum : 12/23/2012 23:53:55

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] b6d06b095a085fe19bf9ec68ac1398f3
[BSP] 9d16187d9a839751867d0747d4a7944c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 158834 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 325498880 | Size: 146308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[4]_D_12232012_02d2353.txt >>
RKreport[1]_S_12232012_02d2335.txt ; RKreport[2]_D_12232012_02d2353.txt ; RKreport[3]_S_12232012_02d2353.txt ; RKreport[4]_D_12232012_02d2353.txt

after the hosts fix:

RogueKiller V8.4.0 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : De Luca [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 12/23/2012 23:56:27

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončené : << RKreport[5]_H_12232012_02d2356.txt >>
RKreport[1]_S_12232012_02d2335.txt ; RKreport[2]_D_12232012_02d2353.txt ; RKreport[3]_S_12232012_02d2353.txt ; RKreport[4]_D_12232012_02d2353.txt ; RKreport[5]_H_12232012_02d2356.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#4 Post by Márty84 »

The logs are fine. Is there any problem with the PC?

blackflag
Guest
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#5 Post by blackflag »

Win7 booted only to a black screen with a cursor, but it did boot into safe mode. After shutting it down again, once more just a black screen with a cursor /Google Chrome was redirected on startup to some suspicious address/.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#6 Post by Márty84 »

:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it sometimes has false positives.

blackflag
Guest
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#7 Post by blackflag »

I only managed it now:

Malwarebytes Anti-Malware (Skúšobná verzia) 1.65.1.1000
www.malwarebytes.org

Verzia databázy: v2012.12.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
De Luca :: DELUCA-PC [administrátor]

Ochrana: Zapnuté

24. 12. 2012 0:44:13
mbam-log-2012-12-24 (08-44-13).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 297948
Uplynutý čas: 49 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 9
HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Dáta: Search-Results Toolbar -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Dáta: -> Žiadna úloha nevykonaná.

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 2
C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Žiadna úloha nevykonaná.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Žiadna úloha nevykonaná.

(koniec)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#8 Post by Márty84 »

:arrow: Have the findings removed.

:arrow: Try posting an RSIT log here. If it won't download again, I'll give you another link.

blackflag
Guest
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#9 Post by blackflag »

Now it downloaded:

Logfile of random's system information tool 1.09 (written by random/random)
Run by De Luca at 2012-12-24 09:21:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 124 GB (78%) free of 159 GB
Total RAM: 3950 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:50, on 24. 12. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\De Luca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\De Luca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Sony of America Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7693 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="1200.0.162255284\1673102601" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --channel="1200.2.922862373\107559102" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\De Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll" --lang=sk --channel="1200.3.1064546924\2110605961" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="1200.5.1553522504\687527408" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="1200.6.1300180955\1555343518" /prefetch:3
"C:\Users\De Luca\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-471821594-2178904998-331297355-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-471821594-2178904998-331297355-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-12-13 6304016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}]
DataMngr - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL [2012-12-05 103864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-12-13 4527888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 2277992]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2010-07-01 221480]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 2277992]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 1289704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09 17877168]
"Facebook Update"=C:\Users\De Luca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-02 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-03-05 1928976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-09-29 766536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-24 09:21:46 ----D---- C:\Program Files\trend micro
2012-12-24 09:21:45 ----D---- C:\rsit
2012-12-24 00:42:50 ----D---- C:\Users\De Luca\AppData\Roaming\Malwarebytes
2012-12-24 00:41:44 ----D---- C:\ProgramData\Malwarebytes
2012-12-24 00:41:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-12-24 00:41:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-23 23:12:50 ----A---- C:\Windows\ntbtlog.txt
2012-12-23 21:00:28 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-23 21:00:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-23 21:00:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-23 21:00:26 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-23 21:00:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-23 21:00:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-23 21:00:26 ----A---- C:\Windows\system32\url.dll
2012-12-23 21:00:26 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-23 21:00:26 ----A---- C:\Windows\system32\ieui.dll
2012-12-23 21:00:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-23 21:00:25 ----A---- C:\Windows\system32\urlmon.dll
2012-12-23 21:00:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-23 21:00:24 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-23 21:00:24 ----A---- C:\Windows\system32\jscript9.dll
2012-12-23 21:00:23 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-23 21:00:23 ----A---- C:\Windows\system32\wininet.dll
2012-12-23 21:00:23 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-23 21:00:22 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-23 21:00:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-23 21:00:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-23 21:00:22 ----A---- C:\Windows\system32\vbscript.dll
2012-12-23 21:00:22 ----A---- C:\Windows\system32\jscript.dll
2012-12-23 21:00:22 ----A---- C:\Windows\system32\iertutil.dll
2012-12-23 21:00:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-23 21:00:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-23 21:00:18 ----A---- C:\Windows\system32\mshtml.dll
2012-12-23 21:00:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-23 21:00:17 ----A---- C:\Windows\system32\ieframe.dll
2012-12-23 21:00:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-23 21:00:08 ----A---- C:\Windows\system32\atmlib.dll
2012-12-23 21:00:07 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-23 21:00:07 ----A---- C:\Windows\system32\atmfd.dll
2012-12-23 20:45:33 ----A---- C:\AdwCleaner[S1].txt
2012-12-23 20:33:55 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-12-23 20:33:52 ----D---- C:\Program Files\Microsoft Security Client
2012-12-23 20:04:02 ----A---- C:\scu.dat
2012-12-23 19:25:49 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-23 19:25:49 ----A---- C:\Windows\system32\tzres.dll
2012-12-23 19:25:41 ----A---- C:\Windows\system32\win32k.sys
2012-12-23 19:25:28 ----A---- C:\Windows\system32\KernelBase.dll
2012-12-23 19:25:27 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-12-23 19:25:27 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-12-23 19:25:27 ----A---- C:\Windows\system32\winsrv.dll
2012-12-23 19:25:27 ----A---- C:\Windows\system32\kernel32.dll
2012-12-23 19:25:27 ----A---- C:\Windows\system32\conhost.exe
2012-12-23 19:25:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-23 19:25:26 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-12-23 19:25:26 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-12-23 19:25:26 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-12-23 19:25:26 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-12-23 19:25:26 ----A---- C:\Windows\system32\wow64win.dll
2012-12-23 19:25:26 ----A---- C:\Windows\system32\wow64cpu.dll
2012-12-23 19:25:26 ----A---- C:\Windows\system32\wow64.dll
2012-12-23 19:25:26 ----A---- C:\Windows\system32\ntvdm64.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-23 19:25:25 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-23 19:25:25 ----A---- C:\Windows\SYSWOW64\user.exe
2012-12-23 19:23:51 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-23 19:23:51 ----A---- C:\Windows\system32\dpnet.dll
2012-12-09 16:54:43 ----D---- C:\Windows\Minidump
2012-12-06 20:26:27 ----D---- C:\Users\De Luca\AppData\Roaming\TFP
2012-12-06 20:26:27 ----A---- C:\Windows\SYSWOW64\VB6STKIT.DLL
2012-12-06 20:26:27 ----A---- C:\Windows\SYSWOW64\VB6FR.DLL
2012-12-06 20:26:27 ----A---- C:\Windows\SYSWOW64\MSCMCFR.DLL
2012-12-06 20:26:27 ----A---- C:\Windows\SYSWOW64\CMDLGFR.DLL
2012-12-06 20:06:45 ----D---- C:\Program Files (x86)\Search Results Toolbar
2012-12-01 17:54:58 ----D---- C:\Users\De Luca\AppData\Roaming\Skype
2012-12-01 17:54:52 ----RD---- C:\Program Files (x86)\Skype
2012-12-01 17:54:47 ----D---- C:\ProgramData\Skype
2012-11-30 20:30:35 ----A---- C:\Windows\system32\FntCache.dll
2012-11-30 20:30:35 ----A---- C:\Windows\system32\d2d1.dll
2012-11-30 20:30:34 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2012-11-27 20:35:37 ----A---- C:\Windows\system32\Wdfres.dll
2012-11-27 20:35:37 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2012-11-27 20:35:37 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2012-11-27 20:26:55 ----A---- C:\Windows\system32\WUDFx.dll
2012-11-27 20:26:55 ----A---- C:\Windows\system32\WUDFSvc.dll
2012-11-27 20:26:55 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-11-27 20:26:55 ----A---- C:\Windows\system32\WUDFHost.exe
2012-11-27 20:26:55 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-11-27 20:26:55 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-11-27 20:26:55 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-11-26 16:23:57 ----D---- C:\Users\De Luca\AppData\Roaming\Auslogics
2012-11-26 14:56:58 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2012-11-26 14:56:58 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2012-11-26 14:56:58 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2012-11-26 14:56:58 ----A---- C:\Windows\system32\dhcpcore6.dll
2012-11-26 14:56:56 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-11-26 14:56:56 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-11-26 14:56:49 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2012-11-26 14:56:49 ----A---- C:\Windows\system32\ncsi.dll
2012-11-26 14:56:49 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-11-26 14:56:49 ----A---- C:\Windows\system32\drivers\netio.sys
2012-11-26 14:56:48 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2012-11-26 14:56:48 ----A---- C:\Windows\SYSWOW64\netevent.dll
2012-11-26 14:56:48 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\nlasvc.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\nlaapi.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\netevent.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\netcorehc.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\iphlpsvc.dll
2012-11-26 14:56:48 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2012-11-26 14:56:48 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-11-26 14:56:44 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-11-26 14:55:32 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-26 14:55:32 ----A---- C:\Windows\system32\synceng.dll

======List of files/folders modified in the last 1 month======

2012-12-24 09:21:46 ----RD---- C:\Program Files
2012-12-24 09:19:59 ----D---- C:\Windows\Temp
2012-12-24 09:02:20 ----D---- C:\Windows\system32\config
2012-12-24 08:15:22 ----D---- C:\Windows\System32
2012-12-24 08:15:22 ----D---- C:\Windows\inf
2012-12-24 08:15:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-24 00:41:44 ----HD---- C:\ProgramData
2012-12-24 00:41:42 ----D---- C:\Windows\system32\drivers
2012-12-24 00:41:41 ----RD---- C:\Program Files (x86)
2012-12-23 23:12:50 ----D---- C:\Windows
2012-12-23 23:09:36 ----D---- C:\Windows\winsxs
2012-12-23 23:06:09 ----D---- C:\Windows\SYSWOW64\sk-SK
2012-12-23 23:06:09 ----D---- C:\Windows\SysWOW64
2012-12-23 23:06:09 ----D---- C:\Windows\system32\sk-SK
2012-12-23 23:06:07 ----D---- C:\Windows\SYSWOW64\migration
2012-12-23 23:06:07 ----D---- C:\Windows\AppPatch
2012-12-23 23:06:07 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-23 23:06:05 ----D---- C:\Windows\system32\migration
2012-12-23 23:06:04 ----D---- C:\Program Files\Internet Explorer
2012-12-23 21:04:49 ----SHD---- C:\Windows\Installer
2012-12-23 21:01:57 ----D---- C:\Windows\debug
2012-12-23 21:01:55 ----A---- C:\Windows\system32\MRT.exe
2012-12-23 21:00:48 ----D---- C:\Windows\system32\catroot
2012-12-23 21:00:47 ----D---- C:\Windows\system32\catroot2
2012-12-23 20:59:28 ----SHD---- C:\System Volume Information
2012-12-23 20:30:15 ----D---- C:\Windows\Prefetch
2012-12-23 20:07:37 ----SD---- C:\ProgramData\Microsoft
2012-12-23 19:13:30 ----D---- C:\Windows\Tasks
2012-12-23 19:13:30 ----D---- C:\Windows\system32\wfp
2012-12-23 19:13:30 ----D---- C:\Windows\system32\DriverStore
2012-12-23 19:13:21 ----D---- C:\Windows\system32\wbem
2012-12-23 19:13:17 ----D---- C:\Windows\registration
2012-12-23 16:51:12 ----D---- C:\Windows\system32\CodeIntegrity
2012-12-23 16:51:12 ----D---- C:\Windows\AppCompat
2012-12-15 10:20:39 ----D---- C:\Windows\Logs
2012-12-15 09:46:32 ----D---- C:\Windows\system32\LogFiles
2012-12-02 11:33:11 ----D---- C:\Windows\system32\Tasks
2012-12-01 17:54:53 ----D---- C:\Program Files (x86)\Common Files
2012-11-30 19:51:19 ----D---- C:\Windows\rescache
2012-11-28 18:34:29 ----RSD---- C:\Windows\assembly
2012-11-28 18:34:29 ----D---- C:\Windows\Microsoft.NET
2012-11-28 17:18:35 ----D---- C:\Windows\system32\wdi
2012-11-28 14:50:25 ----D---- C:\Windows\SYSWOW64\en-US
2012-11-28 14:50:24 ----D---- C:\Windows\system32\en-US
2012-11-28 14:50:24 ----D---- C:\Windows\system32\drivers\en-US
2012-11-28 14:50:11 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-07-01 301688]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-10-18 8153088]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
S2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-07-29 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-07-29 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-07-29 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-07-29 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-07-29 21544]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RL_MIXAGE_IE_MIDI;Mixage Interface Edition WDM MIDI Device; C:\Windows\system32\drivers\rlmxgiem.sys []
S3 RL_MIXAGE_IE_USB;usb-audio.de driver for Reloop Mixage Interface Edition; C:\Windows\System32\Drivers\rlmxgieu.sys []
S3 RL_MIXAGE_IE_WDM;Mixage Interface Edition WDM Audio; C:\Windows\system32\drivers\rlmxgiea.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-01 242720]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-07-01 231328]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-08 952096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-03-05 1425168]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-03-05 831760]
S2 SampleCollector;Intel(R) Sample Collector; C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-12-22 168448]
S2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [2010-05-31 217968]
S2 VSNService;VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#10 Post by Márty84

:arrow: Uninstall MBAM



:!: If you have not done so already, back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
Do not start anything or click anywhere during the scan.
After the scan finishes (the PC may also restart), a log should be created at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, press the F8 key repeatedly and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

blackflag
Visitor
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#11 Post by blackflag

ComboFix 12-12-23.01 - De Luca . 12. 2012 9:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3950.2541 [GMT 1:00]
Running from: c:\users\De Luca\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 09:03 . 2012-12-24 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 08:21 . 2012-12-24 08:21 -------- d-----w- c:\program files\trend micro
2012-12-24 08:21 . 2012-12-24 08:21 -------- d-----w- C:\rsit
2012-12-23 23:42 . 2012-12-23 23:42 -------- d-----w- c:\users\De Luca\AppData\Roaming\Malwarebytes
2012-12-23 23:41 . 2012-12-23 23:41 -------- d-----w- c:\programdata\Malwarebytes
2012-12-23 18:25 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-23 18:23 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-23 18:23 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-23 18:23 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D01581F8-2AE3-400D-BF14-CC74ADFA1545}\mpengine.dll
2012-12-06 19:26 . 2012-12-06 19:26 -------- d-----w- c:\users\De Luca\AppData\Roaming\TFP
2012-12-06 19:26 . 2012-05-11 14:47 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
2012-12-06 19:26 . 2012-05-11 14:47 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-12-06 19:26 . 2012-05-11 14:47 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2012-12-06 19:26 . 2012-05-11 14:47 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2012-12-06 19:26 . 2012-05-11 14:47 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2012-12-06 19:26 . 2012-05-11 14:47 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2012-12-06 19:26 . 2012-12-09 15:09 -------- d-----w- c:\users\De Luca\AppData\Local\Torch
2012-12-06 19:06 . 2012-12-06 19:07 -------- d-----w- c:\program files (x86)\Search Results Toolbar
2012-12-02 10:33 . 2012-12-02 10:33 -------- d-----w- c:\users\De Luca\AppData\Local\Facebook
2012-12-01 16:54 . 2012-12-24 08:52 -------- d-----w- c:\users\De Luca\AppData\Roaming\Skype
2012-12-01 16:54 . 2012-12-01 16:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-01 16:54 . 2012-12-01 21:21 -------- d-----r- c:\program files (x86)\Skype
2012-12-01 16:54 . 2012-12-18 01:41 -------- d-----w- c:\programdata\Skype
2012-11-30 19:30 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-30 19:30 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-30 19:30 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-27 19:35 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-27 19:35 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-27 19:35 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-27 19:35 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-27 19:26 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-27 19:26 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-27 19:26 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-27 19:26 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-27 19:26 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-27 19:26 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-27 19:26 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-26 15:23 . 2012-11-26 15:23 -------- d-----w- c:\users\De Luca\AppData\Roaming\Auslogics
2012-11-26 13:55 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-26 13:55 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 20:01 . 2012-03-08 12:20 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-26 05:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-26 05:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-16 08:38 . 2012-11-28 13:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:59 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-23 18:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Facebook Update"="c:\users\De Luca\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-02 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
R3 RL_MIXAGE_IE_MIDI;Mixage Interface Edition WDM MIDI Device;c:\windows\system32\drivers\rlmxgiem.sys [x]
R3 RL_MIXAGE_IE_USB;usb-audio.de driver for Reloop Mixage Interface Edition;c:\windows\system32\Drivers\rlmxgieu.sys [x]
R3 RL_MIXAGE_IE_WDM;Mixage Interface Edition WDM Audio;c:\windows\system32\drivers\rlmxgiea.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-01 242720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
S2 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-22 168448]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-29 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-07-29 39464]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-09-23 394528]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-471821594-2178904998-331297355-1000Core.job
- c:\users\De Luca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-02 10:33]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-471821594-2178904998-331297355-1000UA.job
- c:\users\De Luca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-02 10:33]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 11:33]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.67.222.222 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{01AD1010-597E-4367-9DEC-23AD9A33492A}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{49AC4825-549F-4C80-8CAE-EE6D550095B1}\Traktor Kontrol S2 Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{27121758-C954-4F81-BEF2-EB60BDCAF657}\Traktor 2 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-24 10:05:58
ComboFix-quarantined-files.txt 2012-12-24 09:05
.
Pre-Run: 129 781 129 216 bytes free
Post-Run: 129 394 925 568 bytes free
.
- - End Of File - - F95650025D448EEC0565601F53118B00

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#12 Post by Márty84

:???: What about Windows, did it boot into normal mode?
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

blackflag
Visitor
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#13 Post by blackflag »

There was no restart, so I did it manually. Windows booted (but that happened to me before as well: sometimes it booted, sometimes it did not). I'll try leaving it switched off for now, because I have to go away for a while, and I'll get back to you afterwards...

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check.

#14 Post by Márty84 »

OK. Then post the OTL logs here as well and we'll start deleting.


:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and left-click Run as administrator.
Tick the items (put check marks in) "For all users", "LOP" pest check and "Purity" pest check (in the English OTL interface: Scan All Users, LOP Check, Purity Check).
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan.
After the scan two logs are created (OTL.Txt and Extras.txt); paste both of them here (if they are long, split them across several posts).
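The OTL custom scan above asks for the usual persistence points (AppInit_DLLs, Winlogon GinaDLL, the ImagePath of wuauserv and BITS, HKCU Run entries, MD5 of core system binaries), and the ComboFix log earlier in this thread shows a third-party AppInit_DLLs entry (the Datamngr/IEBHO DLLs under c:\progra~2\SEARCH~1) that is loaded into every GUI process. The script below is an added example, not part of the thread and not OTL or ComboFix code: it re-checks those same points natively from an elevated PowerShell prompt so the findings can be verified before anything is deleted. It is written against PowerShell 2.0 (the Windows 7 default), so it uses .NET MD5 instead of Get-FileHash. The stock Userinit/Shell values, the svchost ImagePath pattern and the set of binaries hashed are assumptions stated in the comments.

```powershell
# Added example (not from the thread, OTL or ComboFix). Run elevated. PowerShell 2.0 compatible.
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Area, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Area = $Area; Detail = $Detail }))
}

# 1. AppInit_DLLs: on x64 the native and Wow6432Node views are separate hives, check both.
#    A non-empty value with LoadAppInit_DLLs=1 injects the listed DLLs into every GUI process.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($k in $appInitKeys) {
    if (-not (Test-Path $k)) { continue }
    $p = Get-ItemProperty -Path $k
    if ($p.AppInit_DLLs -and $p.AppInit_DLLs.Trim() -ne '') {
        Add-Finding 'AppInit_DLLs' ("{0} -> '{1}' (LoadAppInit_DLLs={2})" -f $k, $p.AppInit_DLLs, $p.LoadAppInit_DLLs)
    }
}

# 2. Winlogon: GinaDLL should not exist at all on Vista and later; Userinit and Shell are
#    compared against their stock values (assumption: default Windows 7 install).
$sysdir = [Environment]::SystemDirectory          # e.g. C:\Windows\system32
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.PSObject.Properties['GinaDLL']) { Add-Finding 'Winlogon' ('GinaDLL present: ' + $wl.GinaDLL) }
if ($wl.Userinit.TrimEnd(',') -ne (Join-Path $sysdir 'userinit.exe')) { Add-Finding 'Winlogon' ('Userinit = ' + $wl.Userinit) }
if ($wl.Shell -ne 'explorer.exe') { Add-Finding 'Winlogon' ('Shell = ' + $wl.Shell) }

# 3. Services malware likes to hijack or disable: both should run inside svchost.exe -k ...
#    (assumption: system drive is C:, or the value still uses %SystemRoot%).
foreach ($svc in 'wuauserv', 'BITS') {
    $ip = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -ErrorAction SilentlyContinue).ImagePath
    if (-not $ip) { Add-Finding 'Service' "$svc has no ImagePath (service missing?)"; continue }
    if ($ip -notmatch '^"?(%SystemRoot%|C:\\Windows)\\system32\\svchost\.exe"? -k ') { Add-Finding 'Service' "$svc ImagePath = $ip" }
}

# 4. Per-user autostart entries, listed for review (each one needs a human decision).
$run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Add-Finding 'HKCU Run' ('{0} = {1}' -f $_.Name, $_.Value) }
}

# 5. MD5 of a few core binaries (a subset of the /md5start list OTL uses), to compare with a
#    clean machine of the same build. Assumption: this file list is the reader's choice.
$md5 = [System.Security.Cryptography.MD5]::Create()
$files = @((Join-Path $env:SystemRoot 'explorer.exe')) +
         @('smss.exe','lsass.exe','winlogon.exe','userinit.exe','svchost.exe',
           'drivers\atapi.sys','drivers\tcpip.sys','drivers\ndis.sys' | ForEach-Object { Join-Path $sysdir $_ })
foreach ($path in $files) {
    if (-not (Test-Path $path)) { Add-Finding 'Hash' "$path missing"; continue }
    $fs = [System.IO.File]::OpenRead($path)
    try { $hash = ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' } finally { $fs.Close() }
    Add-Finding 'Hash' ('{0} {1}' -f $hash, $path)
}

# 6. Resolvers actually in use. The ComboFix log above lists 208.67.222.222 (OpenDNS) ahead of
#    the router; an unexpected resolver here is how DNS-changer infections show up.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' | ForEach-Object {
    Add-Finding 'DNS' ('{0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', '))
}

$findings | Format-Table -AutoSize Area, Detail
```

The AppInit_DLLs check is the one that matters most for this log: the 64-bit datamngr.dll and IEBHO.dll are in the native view and there may be 32-bit counterparts in the Wow6432Node view, so clearing only one of the two leaves the injection in place for the other process bitness. Clearing the value and setting LoadAppInit_DLLs to 0 in both keys is the fix, but on this forum that step is left to the helper's OTL fix script after the full logs have been reviewed.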

blackflag
Visitor
Posts: 30
Registered: 25 Oct 2010 17:26

Re: Log check.

#15 Post by blackflag »

So Windows booted even after being switched off for a longer time. OTL is running; it got stuck on some item (there was also a message that some .bat file could not be created on the desktop) and nothing is happening. Is that normal?

Locked