VIRUS from FACEBOOK

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: VIRUS from FACEBOOK

Post by stif » 27 Jul 2011 23:15

So I did it the way you wrote, and I'm going to test those 2 files on VirusTotal now, but my web pages aren't loading again and I'm here via anonymous surfing... :-/


ComboFix 11-07-27.03 - David 27.07.2011 22:58:41.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1977.973 [GMT 2:00]
Spuštěný z: c:\users\Dušan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dušan\Desktop\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Profi Antivirus 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Embedded Security Backup Schedule.job"
"c:\windows\Tasks\HPCeeScheduleForDavid.job"
"c:\windows\Tasks\Norton Security Scan for David.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\NORTON~2
c:\progra~2\NORTON~2\Engine\3.1.3.7\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\BilBDRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccL100U.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccScanw.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccVrTrst.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Config.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\dec_abi.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\DefUtDCD.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\diLueCbk.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ecmldr32.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\HeartBt.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\help.htm
c:\progra~2\NORTON~2\Engine\3.1.3.7\InstWrap.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\InstWRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Microsoft.VC90.CRT.manifest
c:\progra~2\NORTON~2\Engine\3.1.3.7\msl.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\msvcp90.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\msvcr90.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Nss.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\patch25d.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\PrdDtRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ReputationCacheDB.db
c:\progra~2\NORTON~2\Engine\3.1.3.7\RevList.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\RptCdRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SAUpdt.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanCore.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanText.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SKU.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SKURes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\symbos.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymCCIS.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymCCISE.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymDltCl.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymHTML.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymInstallStub.exe
c:\progra~2\NORTON~2\isolate.ini
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_2414.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\BilBDRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccL100U.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccScanw.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccVrTrst.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Config.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\dec_abi.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\DefUtDCD.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\diLueCbk.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ecmldr32.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\HeartBt.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\help.htm
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\InstWrap.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\InstWRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msl.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msvcp90.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msvcr90.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Nss.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\patch25d.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\PrdDtRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ReputationCacheDB.db
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\RevList.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\RptCdRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SAUpdt.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanCore.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanText.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SKU.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SKURes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\symbos.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymCCIS.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymCCISE.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymDltCl.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymHTML.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymInstallStub.exe
c:\program files (x86)\Norton Security Scan\isolate.ini
c:\program files (x86)\NortonInstaller
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\09\01\InstUI.loc
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ccL100U.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ccSet.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Engine.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\extract.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\fallback.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\finalzed.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\install.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Install.mft
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\InstStub.exe
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\InstUI.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\layout.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ProdCbk.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\SKU.dll
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\Connections\connections.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\diMaster\eula.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\diMaster\service.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\Tasks\Embedded Security Backup Schedule.job
c:\windows\Tasks\HPCeeScheduleForDavid.job
c:\windows\Tasks\Norton Security Scan for David.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 21:04 . 2011-07-27 21:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-27 21:04 . 2011-07-27 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 20:56 . 2011-07-27 20:57 -------- d-----w- C:\32788R22FWJFW
2011-07-27 10:15 . 2011-07-27 10:15 -------- d-----w- c:\users\Dušan\AppData\Roaming\Malwarebytes
2011-07-27 10:14 . 2011-07-27 10:14 -------- d-----w- c:\programdata\Malwarebytes
2011-07-27 10:14 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 08:54 . 2011-07-27 08:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-26 06:18 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF3B12A1-7D77-4E4B-82B6-800ABF4ACE15}\mpengine.dll
2011-07-22 16:31 . 2011-07-22 16:31 -------- d-----w- c:\windows\system32\SPReview
2011-07-22 16:30 . 2011-07-22 16:30 -------- d-----w- c:\windows\system32\EventProviders
2011-07-22 16:26 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-09 11:16 . 2011-07-09 11:16 -------- d-----w- c:\programdata\Uniblue
2011-07-08 15:45 . 2011-07-08 15:45 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-07-08 15:45 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-08 15:45 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-08 15:45 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-08 15:45 . 2004-10-22 00:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-08 15:45 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-08 15:45 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-08 15:45 . 2011-07-08 15:45 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-07-08 15:45 . 2011-07-08 15:45 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-08 10:54 . 2011-07-08 10:55 -------- d-----w- c:\program files (x86)\Sanny Builder 3
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\users\Dušan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\users\Dušan\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-02 08:52 . 2011-07-02 08:52 -------- d-----w- c:\program files (x86)\AMD
2011-07-02 08:51 . 2011-07-02 08:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-02 06:23 . 2011-07-25 14:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-07-01 17:21 . 2011-07-01 17:21 -------- d-----w- c:\windows\system32\drivers\NSSx64
2011-07-01 17:21 . 2011-07-01 17:21 -------- d-----w- c:\programdata\NortonInstaller
2011-07-01 15:20 . 2011-07-23 17:49 -------- d-----w- c:\windows\SysWow64\Adobe
2011-07-01 13:19 . 2011-07-01 13:33 -------- d-----w- c:\program files (x86)\ValuSoft
2011-07-01 12:08 . 2011-07-01 12:10 42496 ----a-w- c:\windows\SysWow64\ppa_service.dll
2011-07-01 12:08 . 2011-07-01 12:10 142848 ----a-w- c:\windows\SysWow64\ppa_service.exe
2011-06-29 17:39 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 05:56 . 2011-07-22 16:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-28 03:25 . 2011-06-17 14:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 14:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-08-06 10:28 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 18:41 . 2011-02-17 19:47 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-19 18:41 . 2011-02-13 14:14 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-19 18:40 . 2011-02-13 14:14 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-12 16:08 . 2011-05-12 16:08 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-04 02:51 . 2011-06-17 14:29 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 14:29 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 14:29 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 14:26 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 14:26 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 14:27 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 14:27 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 14:27 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_17.32.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-27 18:31 . 2011-07-27 19:21 49610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-27 19:21 43954 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-27 03:59 43954 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 15:57 . 2011-07-27 19:21 15952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1459436612-1153864292-828164040-1001_UserData.bin
- 2010-07-26 16:08 . 2011-07-27 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 16:08 . 2011-07-27 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 16:08 . 2011-07-27 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 16:08 . 2011-07-27 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-27 17:31 . 2011-07-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-27 21:05 . 2011-07-27 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-27 21:05 . 2011-07-27 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-27 17:31 . 2011-07-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-06 09:57 . 2011-07-27 18:47 252306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-07-27 20:13 622938 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-27 12:41 622938 c:\windows\system32\perfh009.dat
+ 2010-07-25 06:24 . 2011-07-27 20:13 638182 c:\windows\system32\perfh005.dat
- 2010-07-25 06:24 . 2011-07-27 12:41 638182 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-07-27 12:41 109434 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-27 20:13 109434 c:\windows\system32\perfc009.dat
- 2010-07-25 06:24 . 2011-07-27 12:41 124952 c:\windows\system32\perfc005.dat
+ 2010-07-25 06:24 . 2011-07-27 20:13 124952 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-07-27 17:30 378436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-27 21:04 378436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-07-27 13:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-27 19:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-11 11265536]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 09:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLCDLOCK;Auditování/zamknutí zařízení nástroje HP ProtectTools;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 ppwcn;{3AB5A107-198B-4C44-852C-343244F8FF3F};c:\program files (x86)\ophcrack\pwdump\servpw.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2009-08-05 57920]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-09 198824]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-05-23 61088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\F-Secure\ANTI-V~1\fsav.exe [2010-08-06 15:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-02 7938080]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-11 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-NSS - c:\progra~2\NORTON~2\Engine\313~1.7\InstWrap.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\F-Secure\Anti-Virus\fssm32.exe
c:\program files (x86)\F-Secure\Anti-Virus\fsav32.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 23:11:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 21:11
ComboFix2.txt 2011-07-27 17:38
.
Před spuštěním: Volných bajtů: 133 596 282 880
Po spuštění: Volných bajtů: 133 515 730 944
.
- - End Of File - - 11AC065FB40969B5D99DE1F2EB280012

Re: VIRUS from FACEBOOK

Post by stif » 27 Jul 2011 23:19

So I did it, and I'll test those files through that antivirus now... But again almost no pages will load for me...

ComboFix 11-07-27.03 - David 27.07.2011 22:58:41.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1977.973 [GMT 2:00]
Spuštěný z: c:\users\Dušan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dušan\Desktop\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Profi Antivirus 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Embedded Security Backup Schedule.job"
"c:\windows\Tasks\HPCeeScheduleForDavid.job"
"c:\windows\Tasks\Norton Security Scan for David.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\NORTON~2
c:\progra~2\NORTON~2\Engine\3.1.3.7\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\progra~2\NORTON~2\Engine\3.1.3.7\BilBDRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccL100U.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccScanw.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ccVrTrst.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Config.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\dec_abi.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\DefUtDCD.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\diLueCbk.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ecmldr32.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\HeartBt.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\help.htm
c:\progra~2\NORTON~2\Engine\3.1.3.7\InstWrap.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\InstWRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Microsoft.VC90.CRT.manifest
c:\progra~2\NORTON~2\Engine\3.1.3.7\msl.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\msvcp90.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\msvcr90.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\Nss.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\patch25d.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\PrdDtRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ReputationCacheDB.db
c:\progra~2\NORTON~2\Engine\3.1.3.7\RevList.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\RptCdRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SAUpdt.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanCore.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanRes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\ScanText.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SKU.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SKURes.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\symbos.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymCCIS.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymCCISE.exe
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymDltCl.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymHTML.dll
c:\progra~2\NORTON~2\Engine\3.1.3.7\SymInstallStub.exe
c:\progra~2\NORTON~2\isolate.ini
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_2414.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\BilBDRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccL100U.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccScanw.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ccVrTrst.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Config.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\dec_abi.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\DefUtDCD.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\diLueCbk.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ecmldr32.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\HeartBt.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\help.htm
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\InstWrap.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\InstWRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msl.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msvcp90.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\msvcr90.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\Nss.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\patch25d.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\PrdDtRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ReputationCacheDB.db
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\RevList.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\RptCdRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SAUpdt.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanCore.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanRes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\ScanText.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SKU.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SKURes.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\symbos.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymCCIS.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymCCISE.exe
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymDltCl.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymHTML.dll
c:\program files (x86)\Norton Security Scan\Engine\3.1.3.7\SymInstallStub.exe
c:\program files (x86)\Norton Security Scan\isolate.ini
c:\program files (x86)\NortonInstaller
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\09\01\InstUI.loc
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ccL100U.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ccSet.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Engine.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\extract.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\fallback.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\finalzed.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\install.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Install.mft
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\InstStub.exe
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\InstUI.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\layout.dat
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\ProdCbk.dll
c:\program files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.1.3.7\SKU.dll
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\Connections\connections.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\diMaster\eula.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\diMaster\service.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat
c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.1.3.7\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\Tasks\Embedded Security Backup Schedule.job
c:\windows\Tasks\HPCeeScheduleForDavid.job
c:\windows\Tasks\Norton Security Scan for David.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 21:04 . 2011-07-27 21:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-27 21:04 . 2011-07-27 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 20:56 . 2011-07-27 20:57 -------- d-----w- C:\32788R22FWJFW
2011-07-27 10:15 . 2011-07-27 10:15 -------- d-----w- c:\users\Dušan\AppData\Roaming\Malwarebytes
2011-07-27 10:14 . 2011-07-27 10:14 -------- d-----w- c:\programdata\Malwarebytes
2011-07-27 10:14 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 08:54 . 2011-07-27 08:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-26 06:18 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF3B12A1-7D77-4E4B-82B6-800ABF4ACE15}\mpengine.dll
2011-07-22 16:31 . 2011-07-22 16:31 -------- d-----w- c:\windows\system32\SPReview
2011-07-22 16:30 . 2011-07-22 16:30 -------- d-----w- c:\windows\system32\EventProviders
2011-07-22 16:26 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-09 11:16 . 2011-07-09 11:16 -------- d-----w- c:\programdata\Uniblue
2011-07-08 15:45 . 2011-07-08 15:45 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-07-08 15:45 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-08 15:45 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-08 15:45 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-08 15:45 . 2004-10-22 00:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-08 15:45 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-08 15:45 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-08 15:45 . 2011-07-08 15:45 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-07-08 15:45 . 2011-07-08 15:45 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-08 10:54 . 2011-07-08 10:55 -------- d-----w- c:\program files (x86)\Sanny Builder 3
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\users\Dušan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\users\Dušan\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-02 08:52 . 2011-07-02 08:52 -------- d-----w- c:\program files (x86)\AMD
2011-07-02 08:51 . 2011-07-02 08:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-02 06:23 . 2011-07-25 14:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-07-01 17:21 . 2011-07-01 17:21 -------- d-----w- c:\windows\system32\drivers\NSSx64
2011-07-01 17:21 . 2011-07-01 17:21 -------- d-----w- c:\programdata\NortonInstaller
2011-07-01 15:20 . 2011-07-23 17:49 -------- d-----w- c:\windows\SysWow64\Adobe
2011-07-01 13:19 . 2011-07-01 13:33 -------- d-----w- c:\program files (x86)\ValuSoft
2011-07-01 12:08 . 2011-07-01 12:10 42496 ----a-w- c:\windows\SysWow64\ppa_service.dll
2011-07-01 12:08 . 2011-07-01 12:10 142848 ----a-w- c:\windows\SysWow64\ppa_service.exe
2011-06-29 17:39 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 08:54 . 2011-07-27 08:54 388096 ----a-r- c:\users\Dušan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 05:56 . 2011-07-22 16:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 12:56 . 2011-05-28 12:56 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-05-28 03:25 . 2011-06-17 14:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 14:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-08-06 10:28 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 18:41 . 2011-02-17 19:47 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-19 18:41 . 2011-02-13 14:14 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-19 18:40 . 2011-02-13 14:14 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-12 16:08 . 2011-05-12 16:08 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-04 02:51 . 2011-06-17 14:29 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 14:29 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 14:29 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 14:26 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 14:26 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 14:27 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 14:27 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 14:27 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_17.32.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-27 18:31 . 2011-07-27 19:21 49610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-27 19:21 43954 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-27 03:59 43954 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 15:57 . 2011-07-27 19:21 15952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1459436612-1153864292-828164040-1001_UserData.bin
- 2010-07-26 16:08 . 2011-07-27 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 16:08 . 2011-07-27 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 16:08 . 2011-07-27 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 16:08 . 2011-07-27 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-27 17:31 . 2011-07-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-27 21:05 . 2011-07-27 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-27 21:05 . 2011-07-27 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-27 17:31 . 2011-07-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-06 09:57 . 2011-07-27 18:47 252306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-07-27 20:13 622938 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-27 12:41 622938 c:\windows\system32\perfh009.dat
+ 2010-07-25 06:24 . 2011-07-27 20:13 638182 c:\windows\system32\perfh005.dat
- 2010-07-25 06:24 . 2011-07-27 12:41 638182 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-07-27 12:41 109434 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-27 20:13 109434 c:\windows\system32\perfc009.dat
- 2010-07-25 06:24 . 2011-07-27 12:41 124952 c:\windows\system32\perfc005.dat
+ 2010-07-25 06:24 . 2011-07-27 20:13 124952 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-07-27 17:30 378436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-27 21:04 378436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-07-27 13:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-27 19:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-11 11265536]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 09:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLCDLOCK;Auditování/zamknutí zařízení nástroje HP ProtectTools;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 ppwcn;{3AB5A107-198B-4C44-852C-343244F8FF3F};c:\program files (x86)\ophcrack\pwdump\servpw.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2009-08-05 57920]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-09 198824]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-05-23 61088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\F-Secure\ANTI-V~1\fsav.exe [2010-08-06 15:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-02 7938080]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-11 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-NSS - c:\progra~2\NORTON~2\Engine\313~1.7\InstWrap.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\F-Secure\Anti-Virus\fssm32.exe
c:\program files (x86)\F-Secure\Anti-Virus\fsav32.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 23:11:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 21:11
ComboFix2.txt 2011-07-27 17:38
.
Před spuštěním: Volných bajtů: 133 596 282 880
Po spuštění: Volných bajtů: 133 515 730 944
.
- - End Of File - - 11AC065FB40969B5D99DE1F2EB280012

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: VIRUS from FACEBOOK

Post by jaro3 » 27 Jul 2011 23:42

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.


KillAll::
File::
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfc005.dat

Folder::
C:\32788R22FWJFW
c:\windows\system32\drivers\NSSx64
c:\programdata\NortonInstaller
c:\program files (x86)\Symantec

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"=-


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable the display of hidden files and folders and uncheck the box for hiding protected operating system files.

Test these on VirusTotal:
c:\windows\system32\DRIVERS\DAMDrv64.sys
c:\program files (x86)\ophcrack\pwdump\servpw.exe
c:\windows\SysWow64\ppa_service.dll
c:\windows\SysWow64\ppa_service.exe

Click Select to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be scanned by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

