PC disinfection, speeding up your computer, remote help through the neslape.cz service

FB virus

Having a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Locked
stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#61 Post by stell »

OK, do it like this: click FILE >> click Standard scripts >> tick number 3 >> and click the button >> Execute selected scripts. Wait until it finishes, look in the LOG folder, and if it isn't empty, upload it to Letecká pošta and post the link here.
Important information.
Is your computer NOT RUNNING RIGHT?
Is it infected? Running slowly? A program not working? Problems installing?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#62 Post by Eastonko »

Well, same thing; I tried both, also in safe mode.

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#63 Post by stell »

OK, let's try something else. Read carefully what I write.

Run AVZ once more >> go to FILE > Custom scripts > and copy this script into the window. Click RUN.

Code:

begin
  // Turn on AVZGuard so the malware cannot interfere while the script runs
  SetAVZGuardStatus(True);
  // Look for rootkit hooks in user mode and in kernel mode
  SearchRootkit(true, true);
  // Quarantine, then delete, the file reached through the NT object-namespace path
  QuarantineFile('globalroot\device\svchost.exe\svchost.exe','');
  DeleteFile('globalroot\device\svchost.exe\svchost.exe');
  // Hand the pending deletions to BootCleaner so they are applied before Windows loads
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Wait until the script finishes, then
run ComboFix again and post the log here.

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#64 Post by Eastonko »

When I ran this script the PC restarted, but the LOG folder wasn't created.... I now have 3 folders there: backup, base, quarantine.... so should I run it through ComboFix?

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#65 Post by stell »

Upload the whole LOG folder to
http://leteckaposta.cz/
and post the link here.

And run ComboFix.

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#66 Post by Eastonko »

I wrote that LOG wasn't created at all... so I don't know. I'll run ComboFix.

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#67 Post by stell »

And what's in the quarantine folder??

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#68 Post by Eastonko »

There's a folder with a date, and in it 2 files: bcqr00001.ini, containing
[InfectedFile]
Src=\??\globalroot\device\svchost.exe\svchost.exe
Infected=bcqr00001.dat
Virus=BootCleaner quarantine
Size=0
CopyStatus=C000003A

and the 2nd is the file bcqr00002.ini, containing
[InfectedFile]
Src=\??\globalroot\device\svchost.exe\svchost.exe
Infected=bcqr00002.dat
Virus=BootCleaner quarantine
Size=0
CopyStatus=C000003A
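Before uploading these two records it is worth knowing what they actually say. The following is an added example (my own Python, not code from this thread or from AVZ) that parses the bcqrNNNNN.ini format exactly as it appears in the post above, decodes CopyStatus as a Windows NTSTATUS value and flags records whose copy never succeeded. The function names are mine, the NTSTATUS table is deliberately partial, and the only format assumption is one [InfectedFile] section with the keys shown.

```python
import configparser

# Partial NTSTATUS table for codes likely to show up in CopyStatus; the values are the
# documented Windows constants (table is an assumption about what is worth naming).
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
# NTSTATUS severity is encoded in the top two bits of the 32-bit value.
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# The two records exactly as pasted in the post above (copied, not constructed).
BCQR00001_INI = r"""[InfectedFile]
Src=\??\globalroot\device\svchost.exe\svchost.exe
Infected=bcqr00001.dat
Virus=BootCleaner quarantine
Size=0
CopyStatus=C000003A
"""
BCQR00002_INI = BCQR00001_INI.replace("bcqr00001.dat", "bcqr00002.dat")


def parse_quarantine_record(text):
    """Parse one bcqrNNNNN.ini record written by AVZ's BootCleaner quarantine."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names as written (Src, Infected, ...)
    cp.read_string(text)
    sec = cp["InfectedFile"]
    status = int(sec.get("CopyStatus", "0"), 16)
    src = sec.get("Src", "")
    rec = {
        "src": src,
        "infected": sec.get("Infected", ""),
        "virus": sec.get("Virus", ""),
        "size": int(sec.get("Size", "0")),
        "copy_status": status,
        "severity": SEVERITY[status >> 30],
        "status_name": NTSTATUS_NAMES.get(status, "unknown NTSTATUS"),
        # \??\globalroot\ prefixes an NT object-namespace path; \device\... is the object
        # manager's device directory, not a directory on any filesystem.
        "is_object_namespace_path": src.lower().startswith("\\??\\globalroot\\"),
    }
    # A quarantine entry only has evidential value if the copy succeeded and has bytes.
    rec["copy_failed"] = rec["severity"] == "error" or rec["size"] == 0
    return rec


def summarize(records):
    """One line per record, suitable for pasting back into a thread or a ticket."""
    out = []
    for i, r in enumerate(records, 1):
        verdict = "copy FAILED, no sample captured" if r["copy_failed"] else "sample captured"
        out.append(f"{i}: {r['src']} -> {r['infected']} size={r['size']} "
                   f"status=0x{r['copy_status']:08X} {r['status_name']} ({verdict})")
    return out


if __name__ == "__main__":
    recs = [parse_quarantine_record(t) for t in (BCQR00001_INI, BCQR00002_INI)]
    print("\n".join(summarize(recs)))
```

Run against these two records it reports 0xC000003A, STATUS_OBJECT_PATH_NOT_FOUND, with Size=0 for both: the .dat files hold no bytes, because the source is an NT object-namespace path that an ordinary file copy cannot open. Uploading the folder therefore sends the helper two empty quarantine entries, which is still useful information (it confirms the path AVZ tried), but not a sample.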

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#69 Post by stell »

OK, zip that folder, password-protect it and upload it to Letecká pošta; put the link and the password in a private message.
And run ComboFix
and post the log here.

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#70 Post by Eastonko »

So, after ComboFix:


ComboFix 11-07-22.01 - Owner 22.07.2011 15:30:21.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.565 [GMT 2:00]
Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\assembly\GAC_MSIL\desktop.ini

Infected copy of C:\WINDOWS\system32\wuauclt.exe was found and disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\wuauclt.exe


((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))


2011-07-22 12:58:01 . 2011-07-22 12:58:01 13312 ----a-w- C:\WINDOWS\system32\drivers\vdi4ndex.sys
2011-07-22 11:14:38 . 2011-07-22 11:14:38 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\LG Electronics
2011-07-22 10:20:18 . 2011-07-22 10:20:18 -------- d-----w- C:\Program Files\ESET
2011-07-22 10:20:18 . 2011-07-22 10:20:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ESET
2011-07-22 10:04:02 . 2011-07-12 18:39:02 6881616 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD88AEB3-E9A6-46B3-8F91-6649890E006A}\mpengine.dll
2011-07-22 09:59:44 . 2011-07-22 10:00:24 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-22 09:09:46 . 2011-07-22 09:09:49 -------- d-----w- C:\WINDOWS\TempB3C8FDF1-A370-AA90-3F6E-101E5F035BF8-Signatures
2011-07-21 17:32:06 . 2011-07-21 17:32:06 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2011-07-21 17:31:58 . 2011-07-06 17:52:42 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-21 17:31:57 . 2011-07-21 17:31:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-07-21 17:31:54 . 2011-07-06 17:52:42 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-21 17:31:53 . 2011-07-22 09:05:00 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-21 12:58:23 . 2011-07-21 12:58:25 -------- d-----w- C:\WINDOWS\ufa
2011-07-21 12:58:23 . 2011-07-21 12:58:24 -------- d-----w- C:\WINDOWS\rpcminer
2011-07-21 12:58:23 . 2011-07-21 12:58:24 -------- d-----w- C:\WINDOWS\phoenix
2011-07-21 12:57:02 . 2011-07-21 12:58:22 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-07-21 12:53:17 . 2011-07-21 12:53:17 -------- d-----w- C:\WINDOWS\av_ico
2011-07-21 12:51:02 . 2011-07-22 06:56:31 -------- d-----w- C:\Documents and Settings\Administrator
2011-07-17 19:14:15 . 1997-01-18 08:40:30 299520 ----a-w- C:\WINDOWS\uninst.exe
2011-07-12 19:27:33 . 2011-07-12 19:27:33 -------- d-----w- C:\Program Files\DreamWorks Interactive
2011-07-07 11:41:23 . 2003-05-23 11:28:54 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2011-07-07 11:41:23 . 2003-05-23 11:28:52 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
2011-07-07 11:38:15 . 2003-05-23 11:28:52 1060864 ----a-w- C:\WINDOWS\system32\mfc71.dll
2011-07-07 11:37:10 . 2002-12-05 12:10:32 155648 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-07 11:37:10 . 2002-12-02 11:33:04 57344 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-07 11:37:10 . 2002-12-02 11:33:04 237568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-07 11:37:09 . 2003-02-27 14:12:48 696320 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-07 11:37:09 . 2002-12-02 13:22:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-07 11:37:08 . 2011-07-07 11:37:08 282756 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-07 11:37:08 . 2011-07-07 11:37:08 163972 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-06 10:15:12 . 2011-07-06 10:15:12 -------- d--h--r- C:\Documents and Settings\Owner\Application Data\SecuROM
2011-07-05 14:50:02 . 2011-07-05 14:50:02 -------- d-----w- C:\Documents and Settings\Owner\Application Data\MyPhoneExplorer
2011-07-05 14:46:24 . 2011-07-05 14:50:02 -------- d-----w- C:\Program Files\MyPhoneExplorer
2011-07-02 19:35:12 . 2011-07-02 19:35:12 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\DOSBox
2011-07-02 19:31:39 . 2011-07-05 19:38:00 -------- d-----w- C:\Program Files\DOSBox-0.74
2011-06-27 19:19:37 . 2011-07-22 12:37:32 -------- d-----w- C:\Program Files\LG Electronics
2011-06-27 19:17:46 . 2011-06-27 19:17:46 -------- d-----w- C:\LGP500
2011-06-27 19:16:56 . 2011-05-10 11:37:38 224768 ----a-w- C:\WINDOWS\system32\msvcm90.dll
2011-06-27 19:16:55 . 2011-05-10 11:37:38 655872 ----a-w- C:\WINDOWS\system32\msvcr90.dll
2011-06-27 19:16:55 . 2011-05-10 11:37:38 568832 ----a-w- C:\WINDOWS\system32\msvcp90.dll
2011-06-27 19:16:48 . 2006-05-04 06:33:42 53248 ----a-w- C:\WINDOWS\system32\CommonDL.dll
2011-06-27 19:16:48 . 2005-10-03 23:39:58 44544 ----a-w- C:\WINDOWS\system32\msxml4a.dll
2011-06-27 19:16:31 . 2011-06-29 12:37:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
2011-06-26 16:40:32 . 2008-04-13 22:26:50 12800 -c--a-w- C:\WINDOWS\system32\dllcache\usb8023x.sys
2011-06-26 16:40:32 . 2008-04-13 22:26:50 12800 ----a-w- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-06-26 16:40:31 . 2008-04-13 22:26:50 30592 -c--a-w- C:\WINDOWS\system32\dllcache\rndismpx.sys
2011-06-26 16:40:31 . 2008-04-13 22:26:50 30592 ----a-w- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-06-26 16:37:13 . 2011-06-26 16:37:22 -------- d-----w- C:\Program Files\Microsoft ActiveSync
2011-06-24 14:02:24 . 2011-06-24 14:02:25 -------- d-----w- C:\Program Files\Common Files\Steam
2011-06-24 14:02:14 . 2011-06-29 06:40:25 -------- d-----w- C:\Program Files\Steam
2011-06-24 07:38:46 . 2011-06-24 07:38:46 -------- d-----w- C:\Documents and Settings\Owner\Application Data\fltk.org
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-03 08:36:20 . 2011-06-03 08:36:20 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:05:40 . 2011-06-03 06:05:40 0 ----a-w- C:\WINDOWS\system32\ConduitEngine.tmp
2011-06-02 14:02:05 . 2010-03-19 15:51:14 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-05-26 09:35:28 . 2011-05-26 09:35:28 65536 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35:28 . 2011-05-26 09:35:28 61440 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35:28 . 2011-05-26 09:35:28 61440 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-05-26 09:35:28 . 2011-05-26 09:35:27 40960 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut1_3293C06B003F40278380FFD79E38167D.exe
2011-05-14 21:03:46 . 2011-05-14 21:04:39 737280 ----a-w- C:\WINDOWS\iun6002.exe
2011-05-13 20:10:07 . 2011-05-13 20:10:06 25280 ----a-w- C:\WINDOWS\system32\drivers\hamachi.sys
2011-05-11 06:09:27 . 2011-05-11 06:09:27 107888 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2011-05-10 11:13:59 . 2011-05-10 11:13:58 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2011-05-02 15:31:52 . 2010-03-19 17:01:22 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 17:25:27 . 2010-03-19 15:51:11 151552 ----a-w- C:\WINDOWS\system32\schannel.dll
2011-04-29 16:19:43 . 2010-03-19 15:51:07 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 . 2010-03-19 15:51:14 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-04-26 11:07:50 . 2010-03-19 15:51:03 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-04-25 16:11:12 . 2010-03-19 15:51:14 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-04-25 16:11:11 . 2010-03-19 15:51:07 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-04-25 16:11:11 . 2010-03-19 15:51:06 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-04-25 12:01:22 . 2010-03-19 15:51:05 385024 ----a-w- C:\WINDOWS\system32\html.iec


((((((((((((((((((((((((((((( SnapShot@2011-07-22_09.50.08 )))))))))))))))))))))))))))))))))))))))))

+ 2007-11-07 00:19:20 . 2007-11-07 00:19:20 54272 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2006-12-01 22:46:44 . 2006-12-01 22:46:44 65536 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2011-07-22 11:13:47 . 2011-07-22 11:13:47 82432 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2010-03-19 15:51:11 . 2011-07-22 11:11:22 73016 C:\WINDOWS\system32\perfc009.dat
- 2010-03-19 15:51:11 . 2011-06-26 16:41:57 73016 C:\WINDOWS\system32\perfc009.dat
+ 2009-09-29 06:11:20 . 2009-09-29 06:11:20 12928 C:\WINDOWS\system32\drivers\lgvmodem.sys
+ 2009-09-29 06:11:22 . 2009-09-29 06:11:22 12160 C:\WINDOWS\system32\drivers\lgbtport.sys
+ 2009-09-29 06:11:20 . 2009-09-29 06:11:20 10496 C:\WINDOWS\system32\drivers\lgbtbus.sys
+ 2010-12-07 12:23:00 . 2010-12-07 12:23:00 25088 C:\WINDOWS\system32\drivers\lgandmodem.sys
- 2011-06-27 19:19:40 . 2010-12-07 12:23:00 25088 C:\WINDOWS\system32\drivers\lgandmodem.sys
+ 2010-12-07 12:23:00 . 2010-12-07 12:23:00 20096 C:\WINDOWS\system32\drivers\lgandgps.sys
- 2011-06-27 19:19:40 . 2010-12-07 12:23:00 20096 C:\WINDOWS\system32\drivers\lgandgps.sys
- 2011-06-27 19:19:40 . 2010-12-07 12:23:00 20736 C:\WINDOWS\system32\drivers\lganddiag.sys
+ 2010-12-07 12:23:00 . 2010-12-07 12:23:00 20736 C:\WINDOWS\system32\drivers\lganddiag.sys
+ 2010-12-07 12:22:58 . 2010-12-07 12:22:58 14336 C:\WINDOWS\system32\drivers\lgandbus.sys
- 2011-06-27 19:19:40 . 2010-12-07 12:22:58 14336 C:\WINDOWS\system32\drivers\lgandbus.sys
+ 2010-12-21 11:47:38 . 2010-12-21 11:47:38 94872 C:\WINDOWS\system32\drivers\epfwtdir.sys
+ 2011-07-22 10:00:22 . 2011-07-22 10:00:22 49152 C:\WINDOWS\Installer\9f2c3.msi
+ 2011-07-22 09:59:55 . 2011-07-22 09:59:55 28160 C:\WINDOWS\Installer\9f2b4.msi
+ 2011-07-22 11:05:58 . 2011-07-22 11:13:11 53248 C:\WINDOWS\Installer\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}\ARPPRODUCTICON.exe
+ 2011-07-22 12:38:47 . 2011-07-22 12:38:47 53248 C:\WINDOWS\Installer\{74EAA5ED-7DDF-4647-8F90-C746BEB246F8}\ARPPRODUCTICON.exe
+ 2011-07-22 11:13:48 . 2011-07-22 11:13:48 32768 C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
+ 2011-07-22 10:21:24 . 2011-07-22 10:21:24 10134 C:\WINDOWS\Installer\{204BB4EF-68AC-454B-857E-431336B4188A}\callmsi.exe
+ 2010-06-29 04:34:58 . 2010-06-29 04:34:58 5632 C:\WINDOWS\system32\StarOpen.sys
+ 2010-03-19 15:51:11 . 2011-07-22 11:11:22 445140 C:\WINDOWS\system32\perfh009.dat
- 2010-03-19 15:51:11 . 2011-06-26 16:41:57 445140 C:\WINDOWS\system32\perfh009.dat
+ 2011-04-18 11:18:50 . 2011-04-18 11:18:50 165648 C:\WINDOWS\system32\drivers\MpFilter.sys
+ 2010-12-21 13:04:06 . 2010-12-21 13:04:06 115008 C:\WINDOWS\system32\drivers\ehdrv.sys
+ 2010-12-21 13:04:06 . 2010-12-21 13:04:06 141264 C:\WINDOWS\system32\drivers\eamon.sys
+ 2011-07-22 10:21:23 . 2011-07-22 10:21:23 975872 C:\WINDOWS\Installer\cb2be.msi
+ 2011-07-22 10:00:09 . 2011-07-22 10:00:09 785920 C:\WINDOWS\Installer\9f2ba.msi
+ 2011-07-22 09:59:53 . 2011-07-22 09:59:53 483840 C:\WINDOWS\Installer\9f2ad.msi
+ 2011-07-22 09:59:51 . 2011-07-22 09:59:51 301056 C:\WINDOWS\Installer\9f2a7.msi
+ 2011-07-22 11:14:13 . 2011-07-22 11:14:13 228352 C:\WINDOWS\Installer\626e2.msi
+ 2011-07-22 11:14:03 . 2011-07-22 11:14:03 331264 C:\WINDOWS\Installer\626dc.msi
+ 2011-07-22 11:13:48 . 2011-07-22 11:13:48 390656 C:\WINDOWS\Installer\626d6.msi
+ 2011-07-22 11:13:11 . 2011-07-22 11:13:11 518656 C:\WINDOWS\Installer\626c9.msi
+ 2011-07-22 11:05:58 . 2011-07-22 11:05:58 518656 C:\WINDOWS\Installer\368d0b.msi
+ 2011-07-22 12:38:47 . 2011-07-22 12:38:47 584704 C:\WINDOWS\Installer\140ba3.msi
+ 2011-07-22 10:21:24 . 2011-07-22 10:21:24 101504 C:\WINDOWS\Installer\{204BB4EF-68AC-454B-857E-431336B4188A}\egui.exe
+ 2011-07-22 11:13:47 . 2011-07-22 11:13:47 1233920 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2010-08-23 08:48:48 . 2010-08-23 08:48:48 4941312 C:\WINDOWS\Installer\368d0c.msi

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "C:\Program Files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 16:22:54 176936]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22:54 176936 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22:54 176936 ----a-w- C:\Program Files\BitTorrentBar\prxtbBit0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "C:\Program Files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 16:22:54 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 16:22:54 176936]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "C:\Program Files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 16:22:54 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 16:22:54 176936]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:31:34 1289000]
"LG LinkAir"="C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2011-07-22 12:38:48 2449768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"LiveUpdate"="C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 18:18:52 751592]
"SynAsusAcpi"="C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 13:44:14 83240]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"CapsHook"="C:\Program Files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 14:41:36 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 09:03:40 19523616]
"AsusTray"="C:\Program Files\EeePC\ACPI\AsTray.exe" [2009-06-26 11:13:00 118784]
"AsusEPCMonitor"="C:\Program Files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 14:54:20 98304]
"AsusACPIServer"="C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 08:40:22 1246632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 13:44:00 1594664]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2009-09-28 14:00:04 141336]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2009-09-28 13:59:52 173592]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2009-09-28 19:59:58 141336]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 17:52:38 449584]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 13:16:48 997920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 14:41:24 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-19 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16:20 357696 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-06-29 08:46:19 124216 ----a-w- C:\Program Files\ICQ7.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44:42 3883856 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 19:59:58 141336 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"D:\\Hry\\Pan\\game.dat"=
"D:\\Hry\\CS\\hl.exe"=
"D:\\Hry\\NHL09\\nhl2009.exe"=
"D:\\Hry\\TrackMania Original\\TrackManiaLauncher.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Hry\\Cataclysm\\Launcher.exe"=
"D:\\Hry\\Cataclysm\\BackgroundDownloader.exe"=
"C:\\Program Files\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\Steam\\steamapps\\eastonko\\team fortress 2\\hl2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\HALO CE\\halo.exe"=
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\tdsskiller (1).exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\tdsskiller (2).exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\LG Electronics\\LG PC Suite IV\\LinkAir\\LinkAir.exe"=
"C:\\Program Files\\LG Electronics\\LG PC Suite IV\\LGUX.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\avz4\\avz.exe"=
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\LG Electronics\\LG PC Suite IV\\Temp\\LiveUpdate\\LiveUpdate.exe"=
"C:\\Program Files\\LG Electronics\\LG PC Suite IV\\LiveUpdate.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);C:\WINDOWS\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53:34 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);C:\WINDOWS\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53:06 82832]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [10.5.2011 13:13:58 691696]
R1 AsUpIO;AsUpIO;C:\WINDOWS\system32\drivers\AsUpIO.sys [19.3.2010 20:06:00 11520]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [21.12.2010 15:04:06 115008]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [21.12.2010 13:47:38 94872]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2011 19:31:58 366640]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [11.3.2010 15:55:57 44032]
R3 LgBttPort;LGE Bluetooth TransPort;C:\WINDOWS\system32\drivers\lgbtport.sys [29.9.2009 8:11:22 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\WINDOWS\system32\drivers\lgbtbus.sys [29.9.2009 8:11:20 10496]
R3 LGVMODEM;LGE Virtual Modem;C:\WINDOWS\system32\drivers\lgvmodem.sys [29.9.2009 8:11:20 12928]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [21.7.2011 19:31:54 22712]
R3 rtsuvc;Realtek USB2.0 PC Camera;C:\WINDOWS\system32\drivers\rtsuvc.sys [9.5.2011 8:29:22 73088]
S1 MpKsl04d1232d;MpKsl04d1232d;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys [?]
S1 MpKsl10b9fa8f;MpKsl10b9fa8f;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys [?]
S1 MpKsl2d617679;MpKsl2d617679;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys [?]
S1 MpKsl51714340;MpKsl51714340;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys [?]
S1 MpKsl80b04e45;MpKsl80b04e45;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys [?]
S1 MpKsl918de7df;MpKsl918de7df;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys [?]
S1 MpKsla1589737;MpKsla1589737;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys [?]
S1 MpKslac6f084d;MpKslac6f084d;\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys --> C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys [?]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41:42 810144]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);C:\WINDOWS\system32\pr2ajcyb.exe svc --> C:\WINDOWS\system32\pr2ajcyb.exe svc [?]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [9.5.2011 8:28:01 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [7.12.2010 14:22:58 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [7.12.2010 14:23:00 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [7.12.2010 14:23:00 20096]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [7.12.2010 14:23:00 25088]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\WINDOWS\system32\DRIVERS\ewusbnet.sys --> C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [?]
S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [23.5.2011 13:05:16 53793]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [21.7.2011 19:31:58 41272]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [19.3.2010 17:51:13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

Contents of the 'Scheduled Tasks' folder

2011-07-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003Core.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38:20 . 2011-05-10 10:38:15]

2011-07-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003UA.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38:20 . 2011-05-10 10:38:15]

2011-07-21 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003Core.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38:20 . 2011-05-10 10:38:15]

2011-07-22 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003UA.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38:20 . 2011-05-10 10:38:15]


------- Supplementary Scan -------

uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.20

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#71 Post by Eastonko »

I'm already thinking of giving up on it. I think the eeepc has a recovery that restores everything to the way it was when I bought it, no? ... I'll just need one folder from the laptop; should I send it to my e-mail, or can I plug in a USB stick?

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#72 Post by stell »

Just keep going, we're almost at the finish.
Recovery will wipe everything, and the junk will stay in the MBR.
Good, it's gone.
Uninstall the program
c:\Program Files\Microsoft Security Client
You have NOD there, that's why AVZ kept failing on us.

Turn on showing hidden files and folders and delete
C:\WINDOWS\ufa
C:\WINDOWS\rpcminer
C:\WINDOWS\phoenix
C:\WINDOWS\av_ico
C:\WINDOWS\unrar.exe

Turn off System Restore > restart and turn it back on > manually create a new restore point.

And also post a log from GMER here,
exactly according to the guide
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#73 Post by Eastonko »

Should I uninstall NOD, or can it stay? ... Then: ufa and unrar.exe weren't found, the rest are deleted.... How do I turn off restore?? I think I can create a restore point even without restarting, in System Tools.

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#74 Post by stell »

1: Click Start, right-click My Computer, and then click Properties.
2: In the System Properties dialog box, click the System Restore tab.
3: Check the box Turn off System Restore.
4: Or check the box Turn off System Restore on all drives.
5: Click OK.
6: Restart, and turn it back on the same way in reverse.

1: Press the Windows logo key + R
2: Type: control folders
3: Click the View tab.
4: Check Show hidden files and folders.
5: Click OK.

Find ufa and unrar and delete them.

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#75 Post by Eastonko »

Here's the log from GMER, the shorter one I think


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-22 16:30:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0303
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awkiifod.sys


---- System - GMER 1.0.15 ----

SSDT sppk.sys ZwEnumerateKey [0xF7711DA4]
SSDT sppk.sys ZwEnumerateValueKey [0xF7712132]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F75F2360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F75F2360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ai5ckext \Device\Scsi\ai5ckext1Port1Path0Target0Lun0 862B2500
Device \Driver\ai5ckext \Device\Scsi\ai5ckext1 862B2500
Device \FileSystem\Ntfs \Ntfs 86FD61F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:480] F7900D20
Thread System [4:484] F7900D20
Thread System [4:488] 85571505
Thread System [4:492] 85571505

---- EOF - GMER 1.0.15 ----



PS I did have "show hidden files" checked :D
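The GMER log above is read by hand in this thread. As an added example (not part of the original thread, and not GMER's own tooling), here is a small Python triage script that does the first reading pass mechanically: it pulls out which driver hooks which SSDT entry, which drivers sit attached on top of the NTFS, TCP and keyboard device stacks, which drivers GMER flagged as running code in an "[unknown section]", and which SSDT-hooking drivers GMER could not attribute to a vendor anywhere in the log. The sample input is constructed from the lines posted above, shortened. The "(description/vendor)" annotation is GMER's own; its absence only means GMER did not read version information for that file, so an unattributed hook is a lead to look up, not a verdict.

```python
"""Triage a GMER rootkit-scan log (the format posted in this thread).

Pulls out: which driver hooks which SSDT entry, which drivers are attached on
top of the NTFS / TCP / keyboard device stacks, which drivers GMER flagged as
running code in an "[unknown section]", and which SSDT-hooking drivers GMER
could not attribute to a vendor. It is a reading aid, not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample input: the System / Devices / AttachedDevice lines of the
# GMER quick-scan log posted above, shortened to the lines the parser uses.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT sppk.sys ZwEnumerateKey [0xF7711DA4]
SSDT sppk.sys ZwEnumerateValueKey [0xF7712132]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F75F2360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ai5ckext \Device\Scsi\ai5ckext1 862B2500
Device \FileSystem\Ntfs \Ntfs 86FD61F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <driver file> <Zw function> [<hook address>]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
# "AttachedDevice <driver object> <device> <file> (<description>/<vendor>)"; the
# parenthesised part is GMER's annotation from the file's version info and may be absent.
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<target>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+)"
    r"(?:\s+\((?P<annot>.*)\))?\s*$")
# "<file>[unknown section]" inside a Device line: code GMER could not map to a PE section.
UNKNOWN_SECTION_RE = re.compile(r"(?P<driver>[\w.-]+)\[unknown section\]")


def triage(log_text):
    """Parse one GMER log and return a dict of findings (keys listed at the end)."""
    ssdt, attached, unknown_section = [], [], []
    vendors = {}  # driver file -> vendor string taken from GMER's annotation
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.groupdict())
            continue
        m = ATTACHED_RE.match(line)
        if m:
            entry = m.groupdict()
            annot = entry.pop("annot")
            # annotation is "<description>/<vendor>"; the description itself may contain "/"
            entry["vendor"] = annot.rsplit("/", 1)[-1].strip() if annot else None
            if entry["vendor"]:
                vendors[entry["driver"]] = entry["vendor"]
            attached.append(entry)
            continue
        if line.startswith("Device "):
            m = UNKNOWN_SECTION_RE.search(line)
            if m and m["driver"] not in unknown_section:
                unknown_section.append(m["driver"])

    hooks_by_driver = defaultdict(list)
    for hook in ssdt:
        hooks_by_driver[hook["driver"]].append(hook["func"])
    # SSDT hooks are normal for security products; what deserves a second look is a
    # hooking driver that GMER could not attribute to any vendor anywhere in the log.
    unattributed = sorted(d for d in hooks_by_driver if d not in vendors)
    return {
        "ssdt": ssdt,
        "hooks_by_driver": dict(hooks_by_driver),
        "attached": attached,
        "vendors": vendors,
        "unknown_section": unknown_section,
        "unattributed_ssdt_drivers": unattributed,
    }


def report(result):
    """Render the triage result as plain text, one finding per line."""
    lines = []
    for driver, funcs in result["hooks_by_driver"].items():
        tag = "" if driver in result["vendors"] else "  <-- no vendor annotation, look this file up"
        lines.append("SSDT hooks by %s: %s%s" % (driver, ", ".join(funcs), tag))
    for entry in result["attached"]:
        lines.append("%s is attached to %s (%s)" % (
            entry["driver"], entry["device"], entry["vendor"] or "unattributed"))
    for driver in result["unknown_section"]:
        lines.append("%s has code in an [unknown section]; verify the file against a known-good copy" % driver)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it on a full GMER log by passing the file's contents to `triage()`; on the posted log it reports the two `Zw*Key` hooks by sppk.sys as the only hooks without a vendor annotation, the ESET and Microsoft filter drivers on the NTFS and TCP stacks as attributed, and iaStor.sys as the one driver with code in an unknown section. Which of those is benign is still the analyst's call.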

Locked