Page: 1 of 1 | Posts: 29
Some virus, or I don't know what, keeps changing my home page in the Firefox browser. It does it even after reinstalling FF to the latest version. The page is changed from google.sk to some dangerous spoofed website, which Firefox immediately blocks. I scanned the PC with Avast, Eset and Spybot Search & Destroy and deleted a few viruses, but this problem still persists. What to do about it?
Registered: 10.07.12 Last online: 05.07.15 Posts: 729 Topics: 34 Location: Bratislava
try Malwarebytes
_________________
NTB: Lenovo Y580 i7 PC: Apple Mac mini i5
Registered: 09.05.11 Last online: 20.12.18 Posts: 618 Topics: 2
Code:
Logfile of random's system information tool 1.09 (written by random/random)
Run by orsi at 2012-09-04 12:19:10
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 54 GB (48%) free of 113 GB
Total RAM: 3067 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:32, on 4. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Communication Manager\CancelAutoPlay.exe
C:\Program Files\Communication Manager\UIExec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\orsi\Downloads\RSIT.exe
C:\Program Files\trend micro\orsi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CancelAutoPlay] "C:\Program Files\Communication Manager\CancelAutoPlay.exe" run
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Communication Manager\UIExec.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [VaisnavaReminder] C:\Program Files\Vaisnava Reminder\vreminder.exe s
O4 - HKCU\..\Run: [Google Update] "C:\Users\orsi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Communication Manager\AssistantServices.exe

--
End of file - 6540 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default
prefs.js - "browser.startup.homepage" - "www.google.sk"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.262 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] "Description"= "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll npwachk.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml
C:\Users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default\extensions\ firefox@ghostery.com support@lastpass.com {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31 157672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-10-17 11430504]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"CancelAutoPlay"=C:\Program Files\Communication Manager\CancelAutoPlay.exe [2011-07-13 414544]
"UIExec"=C:\Program Files\Communication Manager\UIExec.exe [2011-08-10 139088]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2012-07-04 3921432]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"VaisnavaReminder"=C:\Program Files\Vaisnava Reminder\vreminder.exe [2006-03-17 270848]
"Google Update"=C:\Users\orsi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2012-05-03 17355912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^orsi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovková spinka a spúšťač programu OneNote 2010.lnk] C:\PROGRA~1\MICROS~2\Office14\ONENOTEM.EXE [2010-01-21 226176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] SDWinLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\orsi\AppData\Local\Temp\bvy.exe"="c:\users\public\smss.exe:*:Enabled:Windows System Controler"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=i420vfw.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.yv12"=yv12vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-09-04 12:08:03 ----D---- C:\rsit
2012-09-04 12:08:03 ----D---- C:\Program Files\trend micro
2012-09-02 09:07:18 ----D---- C:\Users\orsi\AppData\Roaming\Media Player Classic
2012-09-02 08:54:05 ----D---- C:\Program Files\K-Lite Codec Pack
2012-08-31 20:04:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-08-31 20:03:59 ----A---- C:\Windows\system32\sdnclean.exe
2012-08-31 20:03:49 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2012-08-31 15:32:36 ----D---- C:\Program Files\Common Files\Java
2012-08-31 15:31:49 ----A---- C:\Windows\system32\javaws.exe
2012-08-31 15:31:40 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2012-08-31 15:31:40 ----A---- C:\Windows\system32\javaw.exe
2012-08-31 15:31:40 ----A---- C:\Windows\system32\java.exe
2012-08-16 14:19:34 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-08-16 14:18:37 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-16 14:18:36 ----A---- C:\Windows\system32\iertutil.dll
2012-08-16 14:18:35 ----A---- C:\Windows\system32\ieui.dll
2012-08-16 14:18:34 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-16 14:18:34 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-16 14:18:33 ----A---- C:\Windows\system32\wininet.dll
2012-08-16 14:18:33 ----A---- C:\Windows\system32\jscript.dll
2012-08-16 14:18:32 ----A---- C:\Windows\system32\jscript9.dll
2012-08-16 14:18:31 ----A---- C:\Windows\system32\url.dll
2012-08-16 14:18:29 ----A---- C:\Windows\system32\urlmon.dll
2012-08-16 14:18:24 ----A---- C:\Windows\system32\mshtml.dll
2012-08-16 14:18:23 ----A---- C:\Windows\system32\ieframe.dll
2012-08-15 12:22:24 ----A---- C:\Windows\system32\srcore.dll
2012-08-15 12:22:21 ----A---- C:\Windows\system32\win32k.sys
2012-08-15 12:22:17 ----A---- C:\Windows\system32\win32spl.dll
2012-08-15 12:22:17 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-15 12:22:11 ----A---- C:\Windows\system32\netapi32.dll
2012-08-15 12:22:11 ----A---- C:\Windows\system32\browser.dll
2012-08-15 12:22:11 ----A---- C:\Windows\system32\browcli.dll
2012-08-15 12:22:08 ----A---- C:\Windows\system32\localspl.dll
======List of files/folders modified in the last 1 month======
2012-09-04 12:18:31 ----D---- C:\Windows\Temp
2012-09-04 12:17:43 ----D---- C:\Windows
2012-09-04 12:16:35 ----D---- C:\Windows\system32\config
2012-09-04 12:08:03 ----RD---- C:\Program Files
2012-09-04 10:37:01 ----SHD---- C:\System Volume Information
2012-09-04 00:34:46 ----D---- C:\Users\orsi\AppData\Roaming\Winamp
2012-09-04 00:34:46 ----D---- C:\Users\orsi\AppData\Roaming\uTorrent
2012-09-04 00:32:55 ----D---- C:\Users\orsi\AppData\Roaming\vlc
2012-09-03 22:23:38 ----D---- C:\Windows\Prefetch
2012-09-03 20:53:11 ----D---- C:\torrenty
2012-09-02 08:54:13 ----D---- C:\Windows\System32
2012-09-02 00:45:08 ----D---- C:\Windows\system32\catroot2
2012-09-01 07:50:15 ----D---- C:\Users\orsi\AppData\Roaming\QuickScan
2012-09-01 00:04:00 ----D---- C:\Windows\system32\Tasks
2012-08-31 20:04:11 ----HD---- C:\ProgramData
2012-08-31 20:04:07 ----SD---- C:\ProgramData\Microsoft
2012-08-31 15:48:57 ----SHD---- C:\Windows\Installer
2012-08-31 15:48:16 ----D---- C:\Program Files\Java
2012-08-31 15:32:36 ----D---- C:\Program Files\Common Files
2012-08-31 15:31:30 ----A---- C:\Windows\system32\npDeployJava1.dll
2012-08-31 15:31:30 ----A---- C:\Windows\system32\deployJava1.dll
2012-08-29 07:49:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-29 00:24:48 ----D---- C:\Program Files\Mozilla Firefox
2012-08-28 21:14:44 ----D---- C:\Program Files\CCleaner
2012-08-28 13:33:49 ----D---- C:\Windows\inf
2012-08-28 13:29:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-26 16:41:44 ----D---- C:\Windows\ModemLogs
2012-08-21 11:12:23 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-18 00:22:23 ----D---- C:\Windows\debug
2012-08-16 14:55:33 ----D---- C:\Windows\winsxs
2012-08-16 14:53:39 ----RSD---- C:\Windows\Fonts
2012-08-16 14:53:39 ----D---- C:\Windows\system32\migration
2012-08-16 14:53:38 ----D---- C:\Windows\system32\DriverStore
2012-08-16 14:53:38 ----D---- C:\Program Files\Internet Explorer
2012-08-16 14:53:37 ----D---- C:\Windows\system32\drivers
2012-08-16 14:20:56 ----A---- C:\Windows\system32\MRT.exe
2012-08-16 14:19:41 ----D---- C:\Windows\system32\catroot
2012-08-05 18:38:36 ----D---- C:\Users\orsi\AppData\Roaming\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-02-23 24408]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-08-21 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-06 242240]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-10-18 3546664]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-07-08 139880]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 zte_cdc_acm;ZTE All CDC-ACM driver; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [2011-08-10 67968]
S3 zte_cpo;ZTE All Install; C:\Windows\system32\DRIVERS\zte_cpo.sys [2011-08-10 9984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-07-04 1188896]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-07-04 1395736]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Communication Manager\AssistantServices.exe [2011-08-10 261456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-20 1343400]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
-----------------EOF-----------------
Registered: 09.05.11 Last online: 20.12.18 Posts: 618 Topics: 2
Code:
ComboFix 12-09-04.02 - orsi . 09. 2012 21:56:18.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.3067.2115 [GMT 2:00]
Running from: c:\users\orsi\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\orsi\AppData\Local\temp
2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-04 20:03 . 2012-09-04 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 10:08 . 2012-09-04 10:19 -------- d-----w- c:\program files\trend micro
2012-09-04 10:08 . 2012-09-04 10:08 -------- d-----w- C:\rsit
2012-09-04 08:37 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CFEF0B-1AF4-49BF-A063-1980BDC8E886}\mpengine.dll
2012-09-02 07:07 . 2012-09-04 11:19 -------- d-----w- c:\users\orsi\AppData\Roaming\Media Player Classic
2012-09-02 06:54 . 2012-09-02 06:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-08-31 18:04 . 2012-09-04 19:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-31 18:03 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-08-31 18:03 . 2012-08-31 18:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-08-31 13:32 . 2012-08-31 13:32 -------- d-----w- c:\program files\Common Files\Java
2012-08-31 13:31 . 2012-08-31 13:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 22:24 . 2012-08-28 22:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-16 12:19 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 10:22 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 10:22 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 10:22 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 10:22 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 10:22 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 10:22 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 10:22 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 13:31 . 2012-07-03 17:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 13:31 . 2012-02-20 00:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2012-02-20 00:00 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-20 00:00 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-20 00:00 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-23 22:11 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-02-20 00:00 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-02-20 00:00 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-02-19 23:59 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-19 23:59 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-04 16:58 . 2012-04-19 10:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-04 16:58 . 2012-02-20 00:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 17:21 . 2012-02-20 00:13 178688 ----a-w- c:\windows\system32\unrar.dll
2012-08-28 22:24 . 2012-02-22 20:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"VaisnavaReminder"="c:\program files\Vaisnava Reminder\vreminder.exe" [2006-03-17 270848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"CancelAutoPlay"="c:\program files\Communication Manager\CancelAutoPlay.exe" [2011-07-13 414544]
"UIExec"="c:\program files\Communication Manager\UIExec.exe" [2011-08-10 139088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Users^orsi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovková spinka a spúšťač programu OneNote 2010.lnk]
path=c:\users\orsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Obrazovková spinka a spúšťač programu OneNote 2010.lnk
backup=c:\windows\pss\Obrazovková spinka a spúšťač programu OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 06:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Communication Manager\AssistantServices.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000Core.job
- c:\users\orsi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 12:01]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000UA.job
- c:\users\orsi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-24 12:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-04 22:05:51 ComboFix-quarantined-files.txt 2012-09-04 20:05 . Pre-Run: 55 991 836 672 bytes free Post-Run: 55 929 610 240 bytes free . - - End Of File - - 3A2A0CF1BDFADD9B386CB86B421032FC
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
|
Well, after all those scans I hope my PC is finally clean. Mainly because of IB, which I do often.
I uninstalled Spybot because the licence expired or something. It didn't want to work anymore, so I sent it to hell.
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
Follow the instructions, your computer is not clean.
|
|
|
I don't have those two exe files, they're not there.
combofix
Kód: ComboFix 12-09-04.02 - orsi . 09. 2012 18:50:07.3.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.3067.1901 [GMT 2:00] Running from: c:\users\orsi\Desktop\ComboFix.exe Command switches used :: c:\users\orsi\Desktop\cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\sdnclean.exe" "c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000Core.job" "c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661145357-1025398801-1173272001-1000UA.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Spybot - Search & Destroy c:\programdata\Spybot - Search & Destroy\ClientCount.bin c:\programdata\Spybot - Search & Destroy\Ignore\Filesets.sbe c:\programdata\Spybot - Search & Destroy\Ignore\Products.sbe c:\programdata\Spybot - Search & Destroy\Immunization.ini c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log c:\programdata\Spybot - Search & Destroy\Logs\Checks.120831-203614.txt c:\programdata\Spybot - Search & Destroy\Logs\Immunization-Browsers.log c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log c:\programdata\Spybot - Search & Destroy\Logs\Updates.log c:\users\orsi\AppData\Local\Google\Update c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleUpdate.exe c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateBroker.exe c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe 
c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateSetup.exe c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdate.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_am.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ar.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_bg.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_bn.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ca.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_cs.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_da.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_de.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_el.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_en-GB.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_en.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_es-419.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_es.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_et.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_fa.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_fi.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_fil.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_fr.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_gu.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_hi.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_hr.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_hu.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_id.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_is.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_it.dll 
c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_iw.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ja.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_kn.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ko.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_lt.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_lv.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ml.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_mr.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ms.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_nl.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_no.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_pl.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_pt-BR.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_pt-PT.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ro.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ru.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_sk.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_sl.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_sr.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_sv.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_sw.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ta.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_te.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_th.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_tr.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_uk.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_ur.dll 
c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_vi.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_zh-CN.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\goopdateres_zh-TW.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\psmachine.dll c:\users\orsi\AppData\Local\Google\Update\1.3.21.115\psuser.dll c:\users\orsi\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe c:\users\orsi\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.89\21.0.1180.89_21.0.1180.83_chrome_updater.exe c:\users\orsi\AppData\Local\Google\Update\GoogleUpdate.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_SkypeUpdate . . ((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 ))))))))))))))))))))))))))))))) . . 2012-09-05 16:58 . 2012-09-05 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-05 16:58 . 2012-09-05 16:58 -------- d-----w- c:\users\orsi\AppData\Local\temp 2012-09-05 16:58 . 2012-09-05 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-04 10:08 . 2012-09-04 10:19 -------- d-----w- c:\program files\trend micro 2012-09-04 10:08 . 2012-09-04 10:08 -------- d-----w- C:\rsit 2012-09-04 08:37 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CFEF0B-1AF4-49BF-A063-1980BDC8E886}\mpengine.dll 2012-09-02 07:07 . 2012-09-05 06:42 -------- d-----w- c:\users\orsi\AppData\Roaming\Media Player Classic 2012-09-02 06:54 . 2012-09-02 06:54 -------- d-----w- c:\program files\K-Lite Codec Pack 2012-08-31 13:32 . 2012-08-31 13:32 -------- d-----w- c:\program files\Common Files\Java 2012-08-31 13:31 . 2012-08-31 13:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-28 22:24 . 
2012-08-28 22:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-16 12:19 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 10:22 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 10:22 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 10:22 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 10:22 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 10:22 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 10:22 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-15 10:22 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-31 13:31 . 2012-07-03 17:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-31 13:31 . 2012-02-20 00:20 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-21 09:13 . 2012-02-20 00:00 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2012-02-20 00:00 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2012-02-20 00:00 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-02-23 22:11 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2012-02-20 00:00 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2012-02-20 00:00 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2012-02-19 23:59 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2012-02-19 23:59 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-04 16:58 . 2012-04-19 10:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-04 16:58 . 2012-02-20 00:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-09 17:21 . 
2012-02-20 00:13 178688 ----a-w- c:\windows\system32\unrar.dll 2012-08-28 22:24 . 2012-02-22 20:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VaisnavaReminder"="c:\program files\Vaisnava Reminder\vreminder.exe" [2006-03-17 270848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504] "UIExec"="c:\program files\Communication Manager\UIExec.exe" [2011-08-10 139088] . c:\users\orsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Obrazovková spinka a spúšťač programu OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys [x] R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x] S2 UI Assistant Service;UI Assistant Service;c:\program files\Communication Manager\AssistantServices.exe [x] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.sk/ IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3760) c:\program files\WinSCP\DragExt.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Completion time: 2012-09-05 19:05:06 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-05 17:05 ComboFix2.txt 2012-09-04 20:05 . Pre-Run: 54 160 723 968 bytes free Post-Run: 53 952 401 408 bytes free . - - End Of File - - A2BB2260C901E564BAEAEED48F9067B3
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
|
Code: RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : orsi [Admin rights] Mode : Scan -- Date : 09/05/2012 19:20:52
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++ --- User --- [MBR] 71a275fd62dbc2c7f31d24eae51e271e [BSP] 6f553ef9c603178345d6b294511c086e : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 112692 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 251275264 | Size: 112709 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 482103296 | Size: 3072 Mo User = LL1 ... OK! User = LL2 ... OK!
Finished : << RKreport[1].txt >> RKreport[1].txt
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
|
Code: RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : orsi [Admin rights] Mode : HOSTSFix -- Date : 09/05/2012 19:34:59
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetted HOSTS: ¤¤¤ 127.0.0.1 localhost
Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
Post the deletion report as well.
|
|
|
I don't know which one. This is the only one. The first item was deleted and the other two were replaced.
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
|
It wouldn't let me post the report, probably too long; here is the end of the TDSSKiller scan.
Kód: 20:08:47.0089 4180 ================ Scan global =============================== 20:08:47.0138 4180 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 20:08:47.0179 4180 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 20:08:47.0468 4180 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 20:08:47.0513 4180 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 20:08:47.0624 4180 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 20:08:47.0640 4180 [Global] - ok 20:08:47.0641 4180 ================ Scan MBR ================================== 20:08:47.0666 4180 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:08:48.0038 4180 \Device\Harddisk0\DR0 - ok 20:08:48.0039 4180 ================ Scan VBR ================================== 20:08:48.0063 4180 [ 8B9BD3FDB7F9568F502A447FF99F6A4E ] \Device\Harddisk0\DR0\Partition1 20:08:48.0067 4180 \Device\Harddisk0\DR0\Partition1 - ok 20:08:48.0080 4180 [ A0B78C6898FA554209DE95D1F7BB0081 ] \Device\Harddisk0\DR0\Partition2 20:08:48.0083 4180 \Device\Harddisk0\DR0\Partition2 - ok 20:08:48.0112 4180 [ 0A97434E5E5BD8711D2771B693030051 ] \Device\Harddisk0\DR0\Partition3 20:08:48.0116 4180 \Device\Harddisk0\DR0\Partition3 - ok 20:08:48.0118 4180 ============================================================ 20:08:48.0118 4180 Scan finished 20:08:48.0118 4180 ============================================================ 20:08:48.0145 4172 Detected object count: 0 20:08:48.0145 4172 Actual detected object count: 0
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
|
Code: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org
Database version: v2012.09.05.09
Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 orsi :: xxxx [administrator]
Protection: Enabled
5. 9. 2012 20:26:22 mbam-log-2012-09-05 (20-26-22).txt
Scan type: Full scan (C:\|D:\|E:\|J:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 434696 Time elapsed: 2 hour(s), 24 minute(s), 16 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
|
|
Registered: 09.05.11 | Last logged in: 20.12.18 | Posts: 618 | Topics: 2
OK, uninstall Malwarebytes and post a new log from RSIT.
|
|
|
Code: Logfile of random's system information tool 1.09 (written by random/random) Run by orsi at 2012-09-06 20:31:49 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 51 GB (46%) free of 113 GB Total RAM: 3067 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:31:52, on 6. 9. 2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal
Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Communication Manager\UIExec.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Users\orsi\Downloads\RSIT.exe C:\Program Files\trend micro\orsi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Communication Manager\UIExec.exe" O4 - HKUS\S-1-5-21-2661145357-1025398801-1173272001-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2661145357-1025398801-1173272001-1001\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2661145357-1025398801-1173272001-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIE.dll O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Communication Manager\AssistantServices.exe
-- End of file - 4194 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.262 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] "Description"= "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll npwachk.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml
C:\Users\orsi\AppData\Roaming\Mozilla\Firefox\Profiles\kbfq5ckl.default\extensions\ firefox@ghostery.com support@lastpass.com {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-10-17 11430504] "UIExec"=C:\Program Files\Communication Manager\UIExec.exe [2011-08-10 139088]
C:\Users\orsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Obrazovková spinka a spúšťač programu OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-02-20 203776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Users\orsi\AppData\Local\Temp\bvy.exe"="c:\users\public\smss.exe:*:Enabled:Windows System Controler"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=i420vfw.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "vidc.yv12"=yv12vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-09-05 20:23:06 ----D---- C:\Users\orsi\AppData\Roaming\Malwarebytes 2012-09-05 20:22:51 ----D---- C:\ProgramData\Malwarebytes 2012-09-05 20:07:49 ----A---- C:\TDSSKiller.2.8.8.0_05.09.2012_20.07.49_log.txt 2012-09-05 19:05:06 ----A---- C:\ComboFix.txt 2012-09-05 19:01:02 ----D---- C:\$RECYCLE.BIN 2012-09-04 21:47:25 ----D---- C:\Windows\temp 2012-09-04 21:34:04 ----A---- C:\Windows\zip.exe 2012-09-04 21:34:04 ----A---- C:\Windows\SWSC.exe 2012-09-04 21:34:04 ----A---- C:\Windows\SWREG.exe 2012-09-04 21:34:04 ----A---- C:\Windows\sed.exe 2012-09-04 21:34:04 ----A---- C:\Windows\PEV.exe 2012-09-04 21:34:04 ----A---- C:\Windows\NIRCMD.exe 2012-09-04 21:34:04 ----A---- C:\Windows\MBR.exe 2012-09-04 21:34:04 ----A---- C:\Windows\grep.exe 2012-09-04 21:30:30 ----D---- C:\Qoobox 2012-09-04 21:29:59 ----D---- C:\Windows\erdnt 2012-09-04 18:59:36 ----A---- C:\NetBeansProjects - Shortcut.lnk 2012-09-04 12:08:03 ----D---- C:\rsit 2012-09-04 12:08:03 ----D---- C:\Program Files\trend micro 2012-09-02 09:07:18 ----D---- C:\Users\orsi\AppData\Roaming\Media Player Classic 2012-09-02 08:54:05 ----D---- C:\Program Files\K-Lite Codec Pack 2012-08-31 15:32:36 ----D---- C:\Program Files\Common Files\Java 2012-08-31 15:31:49 ----A---- C:\Windows\system32\javaws.exe 2012-08-31 15:31:40 ----A---- C:\Windows\system32\WindowsAccessBridge.dll 2012-08-31 15:31:40 ----A---- C:\Windows\system32\javaw.exe 2012-08-31 15:31:40 ----A---- C:\Windows\system32\java.exe 2012-08-16 14:19:34 ----A---- C:\Windows\system32\drivers\bthport.sys 2012-08-16 14:18:37 ----A---- C:\Windows\system32\mshtmled.dll 2012-08-16 14:18:36 ----A---- C:\Windows\system32\iertutil.dll 2012-08-16 14:18:35 ----A---- C:\Windows\system32\ieui.dll 2012-08-16 14:18:34 ----A---- C:\Windows\system32\jsproxy.dll 2012-08-16 14:18:34 ----A---- C:\Windows\system32\ieUnatt.exe 2012-08-16 14:18:33 ----A---- C:\Windows\system32\wininet.dll 2012-08-16 14:18:33 ----A---- C:\Windows\system32\jscript.dll 2012-08-16 14:18:32 ----A---- 
C:\Windows\system32\jscript9.dll 2012-08-16 14:18:31 ----A---- C:\Windows\system32\url.dll 2012-08-16 14:18:29 ----A---- C:\Windows\system32\urlmon.dll 2012-08-16 14:18:24 ----A---- C:\Windows\system32\mshtml.dll 2012-08-16 14:18:23 ----A---- C:\Windows\system32\ieframe.dll 2012-08-15 12:22:24 ----A---- C:\Windows\system32\srcore.dll 2012-08-15 12:22:21 ----A---- C:\Windows\system32\win32k.sys 2012-08-15 12:22:17 ----A---- C:\Windows\system32\win32spl.dll 2012-08-15 12:22:17 ----A---- C:\Windows\system32\spoolsv.exe 2012-08-15 12:22:11 ----A---- C:\Windows\system32\netapi32.dll 2012-08-15 12:22:11 ----A---- C:\Windows\system32\browser.dll 2012-08-15 12:22:11 ----A---- C:\Windows\system32\browcli.dll 2012-08-15 12:22:08 ----A---- C:\Windows\system32\localspl.dll
======List of files/folders modified in the last 1 month======
2012-09-06 20:23:38 ----D---- C:\Windows\system32\config 2012-09-06 20:10:06 ----RD---- C:\Program Files 2012-09-06 20:08:11 ----D---- C:\Windows\system32\drivers 2012-09-06 16:00:24 ----D---- C:\Users\orsi\AppData\Roaming\vlc 2012-09-05 20:22:51 ----D---- C:\ProgramData 2012-09-05 19:03:47 ----D---- C:\Windows\system32\Tasks 2012-09-05 19:03:45 ----D---- C:\Windows\Tasks 2012-09-05 19:02:58 ----D---- C:\Windows\Prefetch 2012-09-05 19:01:05 ----D---- C:\Windows 2012-09-05 19:01:05 ----A---- C:\Windows\system.ini 2012-09-05 19:00:56 ----D---- C:\Windows\system32\drivers\etc 2012-09-05 18:54:16 ----D---- C:\Windows\System32 2012-09-05 18:54:16 ----D---- C:\Windows\AppPatch 2012-09-05 18:54:13 ----D---- C:\Program Files\Common Files 2012-09-05 18:44:54 ----D---- C:\Users\orsi\AppData\Roaming\Winamp 2012-09-05 07:55:38 ----SD---- C:\ProgramData\Microsoft 2012-09-05 00:07:18 ----D---- C:\Users\orsi\AppData\Roaming\QuickScan 2012-09-04 10:37:01 ----SHD---- C:\System Volume Information 2012-09-04 00:34:46 ----D---- C:\Users\orsi\AppData\Roaming\uTorrent 2012-09-03 20:53:11 ----D---- C:\torrenty 2012-09-02 00:45:08 ----D---- C:\Windows\system32\catroot2 2012-08-31 15:48:57 ----SHD---- C:\Windows\Installer 2012-08-31 15:48:16 ----D---- C:\Program Files\Java 2012-08-31 15:31:30 ----A---- C:\Windows\system32\npDeployJava1.dll 2012-08-31 15:31:30 ----A---- C:\Windows\system32\deployJava1.dll 2012-08-29 07:49:01 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-08-29 00:24:48 ----D---- C:\Program Files\Mozilla Firefox 2012-08-28 21:14:44 ----D---- C:\Program Files\CCleaner 2012-08-28 13:33:49 ----D---- C:\Windows\inf 2012-08-28 13:29:38 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-08-26 16:41:44 ----D---- C:\Windows\ModemLogs 2012-08-21 11:12:23 ----A---- C:\Windows\system32\aswBoot.exe 2012-08-18 00:22:23 ----D---- C:\Windows\debug 2012-08-16 14:55:33 ----D---- C:\Windows\winsxs 2012-08-16 14:53:39 ----RSD---- C:\Windows\Fonts 2012-08-16 14:53:39 ----D---- 
C:\Windows\system32\migration 2012-08-16 14:53:38 ----D---- C:\Windows\system32\DriverStore 2012-08-16 14:53:38 ----D---- C:\Program Files\Internet Explorer 2012-08-16 14:20:56 ----A---- C:\Windows\system32\MRT.exe 2012-08-16 14:19:41 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-02-23 24408] R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-08-21 44784] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 729752] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 355632] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 54232] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-06 242240] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-10-18 3546664] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-07-08 139880] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064] S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704] S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336] S3 BthEnum;Bluetooth Request Block Driver; 
C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416] S3 catchme;catchme; \??\C:\Users\orsi\AppData\Local\Temp\catchme.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920] S3 zte_cdc_acm;ZTE All CDC-ACM driver; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [2011-08-10 67968] S3 zte_cpo;ZTE All Install; C:\Windows\system32\DRIVERS\zte_cpo.sys [2011-08-10 9984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Communication Manager\AssistantServices.exe [2011-08-10 261456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-20 1343400] S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
-----------------EOF-----------------
|
|
Registered: 09.05.11 Last login: 20.12.18 Posts: 618 Topics: 2 | 2 |
Download OTM from http://www.geekstogo.com/forum/files/fi ... s-move-it/
Paste the following into the left-hand pane of OTM, press MoveIt, then post the log:
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\orsi\AppData\Local\Temp\bvy.exe
c:\users\public\smss.exe
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\orsi\AppData\Local\Temp\bvy.exe"=-
"c:\users\public\smss.exe"=-
:commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[reboot]
|
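As an added, defender-side example (not from the thread or from any of the tools it mentions), the following Python parses firewall AuthorizedApplications entries in the RSIT registry-dump format shown in the log above and flags the traits that make the bvy.exe entry stand out: the entry name and target path differ, both paths sit in user-writable staging folders, and a core Windows binary name (smss.exe) lives outside C:\Windows. The second, benign entry and the heuristics are assumptions of mine.

```python
import re
from typing import Dict, List

# Constructed sample in the RSIT "======Registry dump======" format. The first
# entry is the one from the log above; the second is a made-up benign entry.
SAMPLE_DUMP = (
    r'[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters'
    r'\firewallpolicy\standardprofile\authorizedapplications\list] '
    r'"C:\Users\orsi\AppData\Local\Temp\bvy.exe"="c:\users\public\smss.exe:*:Enabled:Windows System Controler" '
    r'"C:\Program Files\Example\example.exe"="C:\Program Files\Example\example.exe:*:Enabled:Example App"'
)

# Each exception is dumped as  "<entry name>"="<path>:*:<Enabled|Disabled>:<display name>"
PAIR_RE = re.compile(r'"([^"]+)"="([^"]*)"')

# Windows core process names that never legitimately live outside %SystemRoot%.
CORE_BINARIES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                 "svchost.exe", "services.exe", "explorer.exe"}
# User-writable locations that dropped files commonly run from (heuristic, my assumption).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_authorized_apps(dump: str) -> List[Dict[str, str]]:
    """Return name/path/state/description for every firewall exception in the dump."""
    entries = []
    for name, value in PAIR_RE.findall(dump):
        path, _, rest = value.partition(":*:")
        state, _, desc = rest.partition(":")
        entries.append({"name": name, "path": path, "state": state, "desc": desc})
    return entries


def audit_entry(entry: Dict[str, str]) -> List[str]:
    """List the reasons a single exception deserves a closer look (empty = nothing odd)."""
    findings = []
    name, path = entry["name"].lower(), entry["path"].lower()
    exe = path.rsplit("\\", 1)[-1]
    if name != path:
        findings.append("entry name and target path differ")
    for p in (name, path):
        if any(d in p for d in STAGING_DIRS):
            findings.append(f"user-writable staging dir: {p}")
    if exe in CORE_BINARIES and not path.startswith("c:\\windows\\"):
        findings.append(f"core binary name outside C:\\Windows: {path}")
    if findings and entry["state"].lower() == "enabled":
        findings.append("exception is Enabled, so the file may accept inbound connections")
    return findings


def audit_dump(dump: str) -> Dict[str, List[str]]:
    """Map each entry name to its findings."""
    return {e["name"]: audit_entry(e) for e in parse_authorized_apps(dump)}


if __name__ == "__main__":
    for name, findings in audit_dump(SAMPLE_DUMP).items():
        print(name, "->", findings or "ok")
```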
|
Registered: 09.05.11 Last login: 20.12.18 Posts: 618 Topics: 2 | 2 |
Well, you have viruses there and you don't care about it. What indifference.
|
|
|
Thanks for the help so far. The problem hasn't occurred again (for a long time).
|
|
Registered: 09.05.11 Last login: 20.12.18 Posts: 618 Topics: 2 | 2 |
You are supposed to apply the script via OTM.
|
|
|
I'm just scanning what I've already scanned a hundred times. I have no rootkit, no malware, no virus, the registry is cleaned up, Firefox behaves normally, so what's the point.
|
|
Registered: 09.05.11 Last login: 20.12.18 Posts: 618 Topics: 2 | 2 |
Apply the script and that's the end of it.
|
|