Win 7 Home Security 2012

[gap]

Tak ještě jednou dobrý den. Natáhl jsem výše uvedenou havěť a prosím o radu. Přikládám log z RSITu
Předem děkuji za odpověď

PS. Pravidla fóra jsem si přečetl, ale asi jsem si špatně vyložil "2) Nezákládejte zbytečně nová temáta pro řešení jednoho problému!"

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jirka at 2011-07-10 21:57:43
Microsoft Windows 7 Ultimate
System drive C: has 7 GB (13%) free of 58 GB
Total RAM: 4095 MB (72% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe"
"C:\Users\Jirka\AppData\Local\lmr.exe" -a "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe" View=show_in_tray
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\Jirka\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\trend micro\Jirka.exe" /silentautolog

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 1436224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
"1148259343"=C:\Users\Jirka\AppData\Local\tgn.exe [2011-07-10 339968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.exe - open - "C:\Users\Jirka\AppData\Local\lmr.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-10 21:57:43 ----D---- C:\rsit
2011-07-10 21:57:43 ----D---- C:\Program Files\trend micro
2011-07-10 21:16:47 ----A---- C:\Windows\ntbtlog.txt
2011-07-07 19:20:57 ----D---- C:\Program Files (x86)\Gadwin Systems
2011-07-03 10:41:13 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-07-03 10:41:13 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-03 10:41:12 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-07-03 10:41:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-07-03 10:41:12 ----A---- C:\Windows\system32\iertutil.dll
2011-07-03 10:41:11 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-07-03 10:41:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-07-03 10:41:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-07-03 10:41:11 ----A---- C:\Windows\system32\urlmon.dll
2011-07-03 10:41:11 ----A---- C:\Windows\system32\jscript9.dll
2011-07-03 10:41:11 ----A---- C:\Windows\system32\jscript.dll
2011-07-03 10:41:11 ----A---- C:\Windows\system32\ieui.dll
2011-07-03 10:41:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-07-03 10:41:08 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-07-03 10:41:08 ----A---- C:\Windows\system32\mshtml.dll
2011-07-03 10:41:08 ----A---- C:\Windows\system32\ieframe.dll
2011-07-03 10:28:01 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-07-03 10:28:00 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-07-03 10:28:00 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-07-03 10:28:00 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-07-03 10:28:00 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-07-03 10:28:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-03 10:27:59 ----A---- C:\Windows\system32\win32k.sys
2011-07-03 10:27:56 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-07-03 10:27:56 ----A---- C:\Windows\system32\mssrch.dll
2011-07-03 10:27:55 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-07-03 10:27:55 ----A---- C:\Windows\system32\tquery.dll
2011-07-03 10:27:54 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-07-03 10:27:54 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-03 10:27:54 ----A---- C:\Windows\system32\mssph.dll
2011-07-03 10:27:53 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-07-03 10:27:53 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-07-03 10:27:53 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-07-03 10:27:53 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-07-03 10:27:53 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-07-03 10:27:53 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-03 10:27:53 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-03 10:27:53 ----A---- C:\Windows\system32\mssvp.dll
2011-07-03 10:27:53 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-03 10:27:53 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-03 10:27:52 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-07-03 10:27:43 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-07-03 10:27:43 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-03 10:27:43 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-07-03 10:27:41 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-07-03 10:27:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-07-03 10:27:39 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-07-03 10:27:39 ----A---- C:\Windows\system32\drivers\srv.sys
2011-07-03 10:27:33 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-07-03 10:27:33 ----A---- C:\Windows\system32\drivers\afd.sys
2011-07-03 10:27:00 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-07-03 10:27:00 ----A---- C:\Windows\system32\oleaut32.dll
2011-07-03 10:25:46 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-07-03 10:25:46 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 month======

2011-07-10 21:57:43 ----RD---- C:\Program Files
2011-07-10 21:52:01 ----D---- C:\Windows\System32
2011-07-10 21:52:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-10 21:47:40 ----D---- C:\ProgramData\NVIDIA
2011-07-10 21:16:47 ----D---- C:\Windows
2011-07-10 21:15:20 ----D---- C:\Windows\inf
2011-07-10 21:15:12 ----D---- C:\Windows\system32\config
2011-07-10 19:47:20 ----HD---- C:\ProgramData
2011-07-10 19:47:20 ----D---- C:\Windows\Prefetch
2011-07-10 19:47:20 ----D---- C:\Program Files (x86)\Opera
2011-07-10 19:27:42 ----D---- C:\Windows\Temp
2011-07-10 19:26:44 ----SHD---- C:\System Volume Information
2011-07-08 17:09:48 ----SHD---- C:\Windows\Installer
2011-07-08 17:09:47 ----RSD---- C:\Windows\assembly
2011-07-07 19:20:57 ----RD---- C:\Program Files (x86)
2011-07-05 15:01:49 ----D---- C:\Users\Jirka\AppData\Roaming\Skype
2011-07-05 07:03:17 ----D---- C:\Windows\Microsoft.NET
2011-07-04 13:22:01 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2011-07-03 16:05:18 ----D---- C:\Windows\winsxs
2011-07-03 15:52:06 ----D---- C:\Users\Jirka\AppData\Roaming\Opera
2011-07-03 15:50:44 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-07-03 13:39:04 ----D---- C:\Windows\SysWOW64
2011-07-03 13:39:04 ----D---- C:\Windows\system32\drivers
2011-07-03 13:39:04 ----D---- C:\Program Files\Internet Explorer
2011-07-03 13:39:04 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-03 13:39:03 ----RSD---- C:\Windows\Fonts
2011-07-03 10:42:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-03 10:41:37 ----D---- C:\Windows\system32\catroot
2011-07-03 10:41:36 ----D---- C:\Windows\system32\catroot2
2011-06-23 20:51:25 ----D---- C:\Program Files (x86)\JDownloader
2011-06-23 20:38:03 ----D---- C:\Program Files (x86)\Split Second
2011-06-14 00:42:13 ----A---- C:\Windows\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-17 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 ahtfzx2l;ahtfzx2l; C:\Windows\system32\drivers\ahtfzx2l.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-16 159336]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-12-22 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-07-06 716024]
R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]

-----------------EOF-----------------

[Roli]

Zdravím, pro začátek spusť skener Cure It podle TOHOTO návodu

po skončení skenu chci sem výsledky.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)

[gap]

po spuštění se objeví http://img204.imageshack.us/img204/5809/0001vmj.jpg

[Roli]

No tak použijeme větší kalibr tak že pozorně čti, protože tenhle softík netoleruje chyby.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.


P.S. kdyby nešel spustit v Normálním režimu restartuj do Nouzového, jinak dneska končím a budu tady zase zítra

tak měj trpělivost

[gap]

Tady to je. Pro dnešek taky odcházím, a za trpělivost děkuju já

ComboFix 11-07-10.03 - Jirka 10.07.2011 23:19:41.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2873 [GMT 2:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jirka\AppData\Local\lmr.exe
c:\users\Jirka\AppData\Local\tgn.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-10 do 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 21:23 . 2011-07-10 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 20:58 . 2011-07-10 20:58 -------- d-----w- c:\users\Jirka\DoctorWeb
2011-07-10 19:57 . 2011-07-10 19:58 -------- d-----w- c:\program files\trend micro
2011-07-10 19:57 . 2011-07-10 19:57 -------- d-----w- C:\rsit
2011-07-10 17:26 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A750DC0-F216-49E4-8E3A-1BDF3FEB5670}\mpengine.dll
2011-07-07 17:20 . 2011-07-07 17:20 -------- d-----w- c:\program files (x86)\Gadwin Systems
2011-07-03 08:28 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-03 08:28 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 08:28 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-03 08:28 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-03 08:28 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-03 08:28 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-03 08:25 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-03 08:25 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 17:10 . 2010-03-28 09:11 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-22 11:38 . 2010-12-22 15:53 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-22 11:38 . 2010-05-25 18:41 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-22 11:38 . 2010-12-22 15:53 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-13 04:50 . 2011-05-13 04:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 600105060570D
*NewlyCreated* - DWPROT
*Deregistered* - 600105060570D
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Jirka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-MsMpSvc
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 - k:\movies\Media Player Classic - Home Cinema\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-10 23:24:29
ComboFix-quarantined-files.txt 2011-07-10 21:24
.
Před spuštěním: 7 571 202 048
Po spuštění: 9 798 770 688
.
- - End Of File - - 3C6146D892DEA3C49BFE74C2A75F8276

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[gap]

ComboFix 11-07-10.03 - Jirka 11.07.2011 11:45:31.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2875 [GMT 2:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 09:49 . 2011-07-11 09:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 20:58 . 2011-07-10 20:58 -------- d-----w- c:\users\Jirka\DoctorWeb
2011-07-10 19:57 . 2011-07-10 19:58 -------- d-----w- c:\program files\trend micro
2011-07-10 19:57 . 2011-07-10 19:57 -------- d-----w- C:\rsit
2011-07-10 17:26 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A750DC0-F216-49E4-8E3A-1BDF3FEB5670}\mpengine.dll
2011-07-07 17:20 . 2011-07-07 17:20 -------- d-----w- c:\program files (x86)\Gadwin Systems
2011-07-03 08:28 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-03 08:28 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 08:28 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-03 08:28 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-03 08:28 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-03 08:28 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-03 08:25 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-03 08:25 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 17:10 . 2010-03-28 09:11 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-22 11:38 . 2010-12-22 15:53 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-22 11:38 . 2010-05-25 18:41 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-22 11:38 . 2010-12-22 15:53 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-13 04:50 . 2011-05-13 04:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-10_21.23.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 15:49 . 2011-07-11 09:39 31204 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-10 19:49 36054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-11 09:39 36054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-26 15:32 . 2011-07-11 09:39 14164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2209039886-3599482398-304228558-1000_UserData.bin
- 2010-03-26 15:32 . 2011-07-10 19:49 14164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2209039886-3599482398-304228558-1000_UserData.bin
- 2011-07-10 19:47 . 2011-07-10 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-11 09:37 . 2011-07-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-10 19:47 . 2011-07-10 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-11 09:37 . 2011-07-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-07-11 09:42 626078 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-07-11 09:42 657538 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-07-11 09:42 114974 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-07-11 09:42 130728 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-07-10 23:35 424428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-10 19:15 424428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-07 15:22 . 2011-07-10 23:35 1846484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2209039886-3599482398-304228558-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Jirka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-07-11 11:50:35
ComboFix-quarantined-files.txt 2011-07-11 09:50
ComboFix2.txt 2011-07-10 21:24
.
Před spuštěním: 9 659 998 208
Po spuštění: 9 475 735 552
.
- - End Of File - - 97955E575F962761A8FC841C91F82B4A

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[gap]

zatím se zdá být vše v normálu, kdyby se něco objevilo tak se ozvu
Prozatím děkuji za pomoc.

[Roli]

Není zač.