Prosím o kontrolu logu

[UnReSt16]

Zdravim, po jednej navšteve facebooku mám problémy so systémom. Konkrétne je to samovoľné reštartovanie systemu pri kontrole systemu programami Norton internet security, AD-Aware, Spybot SD - kontrola sa teda nikdy nedokonči. Samovolne sa mi vytvoril nový použivatelsky učet ktorý cez správcu použivatelskych kont neviem vymazať. Použivam Win 7 Ultimate 32-bit s najnovšimi aktualizaciami, antivirus Norton a prehliadač Google chrome.
Neviem či to pomôže ale prosim teda o kontrolu logu:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:38, on 17. 7. 2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ivan Hospodar\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:58545
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [conhost] C:\Users\Ivan Hospodar\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\_PROGR~1\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\_PROGR~1\MSOFFI~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - D:\[PROGRAMY]\National Instruments\MAX\nimxs.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: wxpdrivers - Unknown owner - D:\[DOWNLOAD]\Flash-Player.exe

--
End of file - 8150 bytes

[vyosek]

Zdravim a pekny podvecer preji

AD-Aware i Spybot SD odinstalujte - maji uz davno nejlepsi leta za sebou - po dokonceni leceni tam dame kvalitnejsi nahradu

Dejte prosim log z RSIT - viz muj podpis - je podrobnejsi nez HJT

[UnReSt16]

A tak OK , tu je:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivan Hospodar at 2011-07-17 17:31:59
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 11 GB (22%) free of 51 GB
Total RAM: 3071 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-17 1549608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
C:\Program Files\BOINC\boincmgr.exe [2010-09-23 4543232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
C:\Program Files\BOINC\boinctray.exe [2010-09-23 58112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ivan [2011-01-08 1778]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.5\ICQ.exe [2011-06-29 124216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
C:\Program Files\National Instruments\Shared\Update Service\niupdate.exe [2010-05-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\[PROGRAMY]\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2011-03-25 64112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-17 17:28:10 ----D---- C:\Program Files\trend micro
2011-07-17 17:28:08 ----D---- C:\rsit
2011-07-15 22:32:25 ----A---- C:\Windows\winlog-ids.txt
2011-07-15 22:32:25 ----A---- C:\Windows\winlog-dirs.txt
2011-07-15 22:32:20 ----A---- C:\Windows\services32.exe
2011-07-14 10:39:32 ----D---- C:\Program Files\MSXML 4.0
2011-07-14 10:39:01 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 10:38:53 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-14 10:38:53 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-07-14 10:38:52 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-14 10:38:50 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-14 10:38:50 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-14 10:38:48 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 10:38:48 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 10:38:48 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 23:34:44 ----D---- C:\Program Files\CCleaner
2011-07-12 01:03:23 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\Mozilla
2011-07-10 19:31:11 ----A---- C:\Windows\system32\lsdelete.exe
2011-07-10 00:06:44 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-10 00:06:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-07-10 00:04:33 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-07-09 23:57:34 ----D---- C:\ProgramData\Lavasoft
2011-07-09 23:57:34 ----D---- C:\Program Files\Lavasoft
2011-07-05 14:05:54 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\PSpad
2011-07-02 17:22:32 ----D---- C:\Program Files\Ubisoft
2011-07-01 16:52:59 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\Ubisoft
2011-06-29 22:07:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 22:06:48 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 22:06:48 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 22:06:48 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 22:06:48 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 22:06:48 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 22:06:47 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 22:06:47 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 22:06:47 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 22:06:47 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-19 14:37:28 ----D---- C:\Program Files\Common Files\DVDVideoSoft

======List of files/folders modified in the last 1 month======

2011-07-17 17:32:00 ----D---- C:\Windows\Temp
2011-07-17 17:30:42 ----SHD---- C:\System Volume Information
2011-07-17 17:30:15 ----D---- C:\ProgramData\VMware
2011-07-17 17:30:05 ----D---- C:\Windows
2011-07-17 17:30:04 ----D---- C:\Windows\Tasks
2011-07-17 17:28:52 ----D---- C:\Windows\system32\config
2011-07-17 17:28:10 ----D---- C:\Program Files
2011-07-17 13:30:52 ----D---- C:\Windows\System32
2011-07-17 13:30:33 ----D---- C:\Windows\system32\Tasks
2011-07-17 13:16:16 ----D---- C:\Windows\inf
2011-07-17 13:16:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-16 04:37:32 ----SD---- C:\Users\Ivan Hospodar\AppData\Roaming\Microsoft
2011-07-15 23:12:17 ----D---- C:\Windows\system32\drivers\etc
2011-07-15 22:51:57 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\Winamp
2011-07-15 22:51:57 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\Skype
2011-07-15 22:42:31 ----D---- C:\Windows\system32\catroot2
2011-07-15 22:19:56 ----D---- C:\Windows\Prefetch
2011-07-15 02:54:56 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\ICQ
2011-07-14 18:37:50 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\uTorrent
2011-07-14 14:06:16 ----D---- C:\Windows\winsxs
2011-07-14 14:04:07 ----D---- C:\Windows\system32\drivers
2011-07-14 14:00:32 ----D---- C:\Windows\system32\DriverStore
2011-07-14 13:57:55 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\DAEMON Tools Lite
2011-07-14 13:57:54 ----D---- C:\Windows\Logs
2011-07-14 13:57:54 ----D---- C:\Windows\debug
2011-07-14 13:03:25 ----SHD---- C:\Windows\Installer
2011-07-14 13:03:24 ----HD---- C:\Config.Msi
2011-07-14 13:03:18 ----RD---- C:\Program Files\Skype
2011-07-14 13:03:18 ----D---- C:\ProgramData\Skype
2011-07-14 13:03:13 ----D---- C:\Program Files\Common Files
2011-07-14 13:01:55 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\skypePM
2011-07-14 10:39:58 ----A---- C:\Windows\system32\MRT.exe
2011-07-14 10:38:57 ----D---- C:\Windows\system32\catroot
2011-07-14 00:08:10 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\Media Player Classic
2011-07-10 00:06:44 ----HD---- C:\ProgramData
2011-07-09 14:58:45 ----D---- C:\ProgramData\BOINC
2011-07-04 09:14:37 ----D---- C:\Windows\system32\NDF
2011-07-02 17:28:32 ----RSD---- C:\Windows\assembly
2011-07-02 17:22:31 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-30 07:24:06 ----D---- C:\Users\Ivan Hospodar\AppData\Roaming\vlc
2011-06-30 07:19:46 ----D---- C:\Program Files\ICQ7.5
2011-06-30 01:54:16 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-17 691696]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [2011-05-19 810616]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2011-05-17 374392]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110715.032\IDSvix86.sys [2011-06-30 367736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS [2010-04-22 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-07-01 281760]
R2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2009-05-29 4096]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-07-01 25888]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-17 105592]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110716.003\NAVENG.SYS [2011-05-18 86008]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110716.003\NAVEX15.SYS [2011-05-18 1542392]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS [2010-04-22 325680]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-05-17 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-17 223920]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-03-25 31280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2010-03-05 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2010-06-16 45168]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2010-06-16 55416]
R2 mxssvr;NI Configuration Manager; D:\[PROGRAMY]\National Instruments\MAX\nimxs.exe [2010-06-18 12696]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NIApplicationWebServer;NI Application Web Server; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 47776]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2010-06-16 360568]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 niSvcLoc;NI System Web Server; C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2010-06-22 47768]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2010-06-17 752304]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2011-03-25 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S2 nimDNSResponder;National Instruments mDNS Responder Service; C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-06-23 193712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OpcEnum;OpcEnum; C:\Windows\system32\OpcEnum.exe [2009-06-03 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S4 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-05-17 1007616]

-----------------EOF-----------------

[vyosek]

Odinstalujte ten Spybot a Ad-Aware jak jsem psal

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

RKill i eXeHelper by mely udelat logy, vlozte mi je sem - pokud ne, nevadi

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[UnReSt16]

Log z Rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on . 07. 2011 at 18:23:25.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

D:\[PROGRAMY]\National Instruments\MAX\nimxs.exe
D:\[DOWNLOAD]\Flash-Player.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:58545

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on . 07. 2011 at 18:23:31.

Log z exehelper:

exeHelper by Raktor
Build 20100414
Run at 18:25:54 on 07/17/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Log z ComboFix:

ComboFix 11-07-17.02 - Ivan Hospodar . 07. 2011 18:37:21.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3071.2017 [GMT 2:00]
Running from: c:\users\Ivan Hospodar\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ivan Hospodar\AppData\Roaming\chrtmp
c:\users\Ivan Hospodar\AppData\Roaming\Local
c:\users\Ivan Hospodar\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Ivan Hospodar\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Ivan Hospodar\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Ivan Hospodar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\windows\proc_list1.log
c:\windows\services32.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 16:43 . 2011-07-17 16:45 -------- d-----w- c:\users\Ivan Hospodar\AppData\Local\temp
2011-07-17 16:43 . 2011-07-17 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 16:35 . 2011-07-17 16:35 -------- d-----w- C:\32788R22FWJFW
2011-07-17 15:28 . 2011-07-17 15:28 -------- d-----w- c:\program files\trend micro
2011-07-17 15:28 . 2011-07-17 15:28 -------- d-----w- C:\rsit
2011-07-14 08:49 . 2011-07-14 08:49 -------- d-----w- c:\users\Ivan Hospodar\AppData\Local\Focus Home Interactive
2011-07-14 08:39 . 2011-07-14 08:39 -------- d-----w- c:\program files\MSXML 4.0
2011-07-14 08:39 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 21:34 . 2011-07-13 21:34 -------- d-----w- c:\program files\CCleaner
2011-07-09 22:06 . 2011-07-17 15:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-09 22:06 . 2011-07-17 15:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-09 22:04 . 2011-07-09 22:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 21:57 . 2011-07-09 21:57 -------- d-----w- c:\programdata\Lavasoft
2011-07-09 21:57 . 2011-07-09 21:57 -------- d-----w- c:\program files\Lavasoft
2011-07-05 12:05 . 2011-07-12 10:52 -------- d-----w- c:\users\Ivan Hospodar\AppData\Roaming\PSpad
2011-07-02 15:22 . 2011-07-02 15:22 -------- d-----w- c:\program files\Ubisoft
2011-07-01 14:52 . 2011-07-01 14:52 -------- d-----w- c:\users\Ivan Hospodar\AppData\Roaming\Ubisoft
2011-06-29 20:07 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 20:06 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 20:06 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 20:06 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 20:06 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 20:06 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 20:06 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 20:06 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 20:06 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 20:06 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-19 12:37 . 2011-06-19 12:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 14:38 . 2010-12-30 16:17 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-01 14:38 . 2010-12-30 16:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_C8B1B34.FOT
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_337BF34.FOT
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_31E77B3.FOT
2011-05-17 08:41 . 2011-05-17 08:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 04:30 . 2011-06-15 08:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-15 08:58 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-15 08:58 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-15 08:58 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-15 08:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-15 08:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-15 08:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31 . 2011-06-15 08:58 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18 . 2011-06-15 08:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 23:35 . 2011-06-15 09:00 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-15 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 19:14 . 2011-06-15 08:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-09-16 13:35 . 2010-09-16 13:35 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2008-12-10 13:50 . 2008-12-10 13:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-05-25 10:43 . 2010-05-25 10:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-09-23 17:59 4543232 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-09-23 17:59 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-16 21:13 136176 ----atw- c:\users\Ivan Hospodar\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-06-29 08:46 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
2010-05-27 21:20 77824 ----a-w- c:\program files\National Instruments\Shared\Update Service\niupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- d:\[programy]\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2011-03-25 21:26 64112 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-06-23 193712]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-16 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [2011-05-19 810616]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110715.032\IDSvix86.sys [2011-06-30 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 47776]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-17 105592]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 21:13]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 21:13]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000Core.job
- c:\users\Ivan Hospodar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:13]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000UA.job
- c:\users\Ivan Hospodar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:13]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - d:\_progr~1\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 10.10.10.1
TCP: Interfaces\{C7440D0D-4BFA-4C91-A755-ED04AF7C18A9}\14C69656E6: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\users\Ivan Hospodar\Desktop\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
"ImagePath"="\"D:\
[PROGRAMY]\National Instruments\MAX\nimxs.exe\""
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mxssvr]
"ImagePath"="\"D:\
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1921638780-1966547492-3453602798-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEB9478F-8BE9-5105-F7CA-9E8FDD123650}*]
"pannlabpnpcnfjjjeejajifhdedakoca"=hex:6a,61,63,70,66,62,6b,68,65,67,61,62,69,
68,6e,6a,6f,6c,6c,70,00,00
"oahnjbbmocmeggmpfobpnehgfehmcb"=hex:6a,61,63,70,66,62,6b,68,65,67,61,62,69,68,
6e,6a,6f,6c,6c,70,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
d:\[programy]\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-17 18:49:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 16:49
.
Pre-Run: 11 888 877 568 bytes free
Post-Run: 11 336 089 600 bytes free
.
- - End Of File - - 48FD05F5FC68492414FD7EE2333263C4

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  D:\[DOWNLOAD]\Flash-Player.exe
  C:\Windows\services32.exe
  
  File::
  C:\Windows\tasks\Ad-Aware Update (Weekly).job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000UA.job
  
  Folder::
  c:\program files\Spybot - Search & Destroy
  c:\programdata\Spybot - Search & Destroy
  c:\programdata\Lavasoft
  c:\program files\Lavasoft
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  
  Driver::
  gupdate
  gupdatem
  Lavasoft Kernexplorer
  VGPU
  mxssvr
  
  Rootkit::
  c:\windows\system32\drivers\rdvgkmd.sys
  
  RegLockDel::
  [HKEY_USERS\S-1-5-21-1921638780-1966547492-3453602798-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEB9478F-8BE9-5105-F7CA-9E8FDD123650}*]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[UnReSt16]

ComboFix 11-07-17.02 - Ivan Hospodar . 07. 2011 19:17:50.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3071.2084 [GMT 2:00]
Running from: c:\users\Ivan Hospodar\Desktop\ComboFix.exe
Command switches used :: c:\users\Ivan Hospodar\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\tasks\Ad-Aware Update (Weekly).job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000UA.job"
.
file zipped: d:\[download]\Flash-Player.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lavasoft
c:\program files\Lavasoft\Ad-Aware\threatwork.exe
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\Help\Slovensky.Resident.chm
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\programdata\Lavasoft
c:\programdata\Lavasoft\License\adaware.da2
c:\programdata\Lavasoft\License\guid.dat
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110717-1724.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.110717-1727.txt
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921638780-1966547492-3453602798-1000UA.job
d:\[download]\Flash-Player.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_Lavasoft Kernexplorer
-------\Service_mxssvr
-------\Service_VGPU
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 15:28 . 2011-07-17 15:28 -------- d-----w- c:\program files\trend micro
2011-07-17 15:28 . 2011-07-17 15:28 -------- d-----w- C:\rsit
2011-07-14 08:49 . 2011-07-14 08:49 -------- d-----w- c:\users\Ivan Hospodar\AppData\Local\Focus Home Interactive
2011-07-14 08:39 . 2011-07-14 08:39 -------- d-----w- c:\program files\MSXML 4.0
2011-07-14 08:39 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 21:34 . 2011-07-13 21:34 -------- d-----w- c:\program files\CCleaner
2011-07-09 22:04 . 2011-07-09 22:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-05 12:05 . 2011-07-12 10:52 -------- d-----w- c:\users\Ivan Hospodar\AppData\Roaming\PSpad
2011-07-02 15:22 . 2011-07-02 15:22 -------- d-----w- c:\program files\Ubisoft
2011-07-01 14:52 . 2011-07-01 14:52 -------- d-----w- c:\users\Ivan Hospodar\AppData\Roaming\Ubisoft
2011-06-29 20:07 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 20:06 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 20:06 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 20:06 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 20:06 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 20:06 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 20:06 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 20:06 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 20:06 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 20:06 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-19 12:37 . 2011-06-19 12:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 14:38 . 2010-12-30 16:17 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-01 14:38 . 2010-12-30 16:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_C8B1B34.FOT
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_337BF34.FOT
2011-05-21 22:47 . 2011-05-21 22:47 1409 ----a-w- c:\windows\_31E77B3.FOT
2011-05-17 08:41 . 2011-05-17 08:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 04:30 . 2011-06-15 08:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-15 08:58 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-15 08:58 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-15 08:58 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-15 08:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-15 08:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-15 08:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31 . 2011-06-15 08:58 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18 . 2011-06-15 08:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 23:35 . 2011-06-15 09:00 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-15 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 19:14 . 2011-06-15 08:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-09-16 13:35 . 2010-09-16 13:35 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2008-12-10 13:50 . 2008-12-10 13:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-05-25 10:43 . 2010-05-25 10:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-09-23 17:59 4543232 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-09-23 17:59 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2011-03-25 21:26 64112 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-06-23 193712]
R3 CFcatchme;CFcatchme;c:\users\IVANHO~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-16 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [2011-05-19 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110715.032\IDSvix86.sys [2011-06-30 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 47776]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-17 105592]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - d:\_progr~1\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 10.10.10.1
TCP: Interfaces\{C7440D0D-4BFA-4C91-A755-ED04AF7C18A9}\14C69656E6: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1921638780-1966547492-3453602798-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEB9478F-8BE9-5105-F7CA-9E8FDD123650}*]
"pannlabpnpcnfjjjeejajifhdedakoca"=hex:6a,61,63,70,66,62,6b,68,65,67,61,62,69,
68,6e,6a,6f,6c,6c,70,00,00
"oahnjbbmocmeggmpfobpnehgfehmcb"=hex:6a,61,63,70,66,62,6b,68,65,67,61,62,69,68,
6e,6a,6f,6c,6c,70,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-17 19:31:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 17:31
ComboFix2.txt 2011-07-17 16:50
.
Pre-Run: 11 680 915 456 bytes free
Post-Run: 11 477 168 128 bytes free
.
- - End Of File - - EEA13C456FCC6F1CF9D123734BA4ADC5
Upload was successful

[vyosek]

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[UnReSt16]

Tak tu je log z MBAM:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verzia databázy: 7190

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18. 7. 2011 18:07:03
mbam-log-2011-07-18 (18-06-54).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 296803
Uplynutý čas: 1 hod, 2 min, 7 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
d:\[ŠKOLA]\signály a sústavy\Software\8 odozva lss na determinovaný signál\2007-1 odozva integrač_ článku na videoimpulz-labunova\spustaci subor\rc_clanok.exe (Rogue.Multiple) -> No action taken.

[vyosek]

Nalez nemazte, jedna se o falesny poplach

Jak se chova PC

[UnReSt16]

Problemy so samovolnim reštartovanim a nezmyselnym zobrazovanim okna "otvoriť v programe..." po spusteni systemu už zmizli... takže OK.
Stale však zostal vytvoreny použivatelsky učet, ktory sa vedla môjho zobrazuje pred lognutim do systemu - zle natom je to že v spravcovy použivatelskych kont v ovladacom panely o tomto učte nieje ani zmienka a teda ho nemôžem zmazať.

[vyosek]

Jak se ten ucet jmenuje

Neprehriva se Vam PC\nehuci moc ventilatory

[UnReSt16]

PC sa neprehrieva a nehuči viac ako doteraz. Učet sa vola "Iny použivateľ" a pri kliknuti nanho na uvitacej obrazovke vyžaduje zadať meno uživatela a heslo. Nema ani žiadny obrazok.

[vyosek]

Neni to ucet hosta\guesta Ve spravci uz. uctu mate jake ucty

[UnReSt16]

Nieje to ucet hosta - ten mam vypnuty, v spravcovy učtov mam len svoj učet.