Access to drive C denied

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Access to drive C denied

#1 Post by HANS55 »

Hello, I have Win 7 32-bit, and after trying to install printer drivers I was denied access to drive C. It may have been caused by installing an illegal copy of Office. The problem is that I can't install or uninstall anything, and I can't even get to the RSIT log because it is on C. And in the Downloads folder, files like 4A6.tmp, 6A7C.tmp, etc. keep multiplying, each 0 kB in size. Does anyone know what to do about this? Thanks

Logar
Visitor
Posts: 6
Registered: 25 Nov 2011 16:45
Location: Prostějov

Re: Access to drive C denied

#2 Post by Logar »

I think the advisers here won't help you, and you have only yourself to blame; if you want Office, then buy it...
"People often don't know what they want until you show it to them." (Steve Jobs)

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: Access to drive C denied

#3 Post by HANS55 »

Unfortunately it's not my PC, I'm just trying to get it back into shape; on my own I have the OPEN version, which is free. I'm writing here because I need advice, not condemnation.

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: Access to drive C denied

#4 Post by HANS55 »

Tried in safe mode; nothing can be downloaded, not even RSIT, so it's pretty much a collapse.

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: Access to drive C denied

#5 Post by HANS55 »

So the problem with access to C is more or less solved; the access permissions had been changed, I don't know how that's possible. Cleaned with S SD, and MBAM deleted something.

Log from the MBAM deep scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8252

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.11.2011 17:25:45
mbam-log-2011-11-27 (17-25-45).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Kontrolované objekty: 383789
Uplynulý čas: 1 hodin, 11 minut, 40 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TNod (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\activision\modern warfare 2\Redist\setup - comw2-rar.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\program files\tnod user & password finder\uninst-tnod.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\Real\realplayer\library\rpxiv_activator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.





Here is the RSIT log, just to be sure:

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2011-11-27 17:36:54
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 129 GB (58%) free of 221 GB
Total RAM: 3006 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:55, on 27.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\hp\Desktop\RSIT.exe
C:\Program Files\trend micro\hp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5829 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-02-11 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-09-29 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-05 138624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16 506720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-07 336384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-17 1996072]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2145000]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-09-29 273528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
""= []
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [2009-11-16 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.IV41"=ir41_32.dll
"VIDC.IV32"=ir32_32.dll
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-27 17:35:38 ----D---- C:\rsit
2011-11-27 17:35:38 ----D---- C:\Program Files\trend micro
2011-11-27 16:10:46 ----ASH---- C:\pagefile.sys
2011-11-27 16:05:07 ----D---- C:\Users\hp\AppData\Roaming\Malwarebytes
2011-11-27 16:05:00 ----D---- C:\ProgramData\Malwarebytes
2011-11-27 16:04:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-27 16:04:57 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-11-27 15:53:37 ----A---- C:\Windows\wininit.ini
2011-11-27 15:17:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-11-27 15:17:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-11-26 22:59:11 ----D---- C:\Users\hp\AppData\Roaming\uTorrent
2011-11-26 22:56:23 ----D---- C:\MSI83468.tmp
2011-11-26 21:47:57 ----D---- C:\MSI445fb.tmp
2011-11-26 21:47:43 ----D---- C:\MSI445cb.tmp
2011-11-26 21:47:30 ----D---- C:\MSI44517.tmp
2011-11-26 21:47:24 ----D---- C:\MSI444f8.tmp
2011-11-26 21:47:17 ----D---- C:\MSI4447a.tmp
2011-11-26 21:47:10 ----D---- C:\MSI4441d.tmp
2011-11-26 21:47:06 ----D---- C:\MSI4440f.tmp
2011-11-26 21:47:03 ----D---- C:\MSI443fe.tmp
2011-11-26 21:46:58 ----D---- C:\MSI443e1.tmp
2011-11-26 21:46:54 ----D---- C:\MSI443c7.tmp
2011-11-26 21:46:52 ----D---- C:\MSI443bf.tmp
2011-11-26 21:46:38 ----D---- C:\MSI442d9.tmp
2011-11-26 21:46:32 ----D---- C:\MSI44298.tmp
2011-11-26 21:46:26 ----D---- C:\MSI44255.tmp
2011-11-26 21:46:19 ----D---- C:\MSI44235.tmp
2011-11-26 21:46:07 ----D---- C:\MSI44191.tmp
2011-11-26 21:08:05 ----D---- C:\MSIa470e.tmp
2011-11-26 21:07:52 ----D---- C:\MSIa46ec.tmp
2011-11-26 21:07:29 ----D---- C:\MSIa468b.tmp
2011-11-26 21:07:17 ----D---- C:\MSIa4474.tmp
2011-11-26 21:07:14 ----D---- C:\MSIa446e.tmp
2011-11-26 21:07:12 ----D---- C:\MSIa4460.tmp
2011-11-26 21:07:09 ----D---- C:\MSIa4433.tmp
2011-11-26 21:07:07 ----D---- C:\MSIa442a.tmp
2011-11-26 21:06:56 ----D---- C:\MSIa43b9.tmp
2011-11-26 21:06:43 ----D---- C:\MSIa43af.tmp
2011-11-26 21:06:30 ----D---- C:\MSIa4095.tmp
2011-11-26 21:06:26 ----D---- C:\MSIa4089.tmp
2011-11-26 21:06:18 ----D---- C:\MSIa4015.tmp
2011-11-26 21:06:10 ----D---- C:\MSIa4007.tmp
2011-11-26 21:06:06 ----D---- C:\MSIa3fcf.tmp
2011-11-26 21:06:02 ----D---- C:\MSIa3fc7.tmp
2011-11-26 21:05:54 ----D---- C:\MSIa3f9e.tmp
2011-11-26 20:49:15 ----D---- C:\MSI3145b.tmp
2011-11-26 20:49:08 ----D---- C:\MSI31454.tmp
2011-11-26 20:49:01 ----D---- C:\MSI3144d.tmp
2011-11-26 20:48:44 ----D---- C:\MSI31446.tmp
2011-11-26 20:48:40 ----D---- C:\MSI3143f.tmp
2011-11-26 20:48:35 ----D---- C:\MSI31435.tmp
2011-11-26 20:48:27 ----D---- C:\MSI3142d.tmp
2011-11-26 20:48:23 ----D---- C:\MSI31426.tmp
2011-11-26 20:48:19 ----D---- C:\MSI3141f.tmp
2011-11-26 20:48:04 ----D---- C:\MSI31418.tmp
2011-11-26 20:47:50 ----D---- C:\MSI31411.tmp
2011-11-26 20:47:36 ----D---- C:\MSI3140a.tmp
2011-11-26 20:47:32 ----D---- C:\MSI31402.tmp
2011-11-26 20:47:29 ----D---- C:\MSI313fb.tmp
2011-11-26 20:47:24 ----D---- C:\MSI313f4.tmp
2011-11-26 20:46:51 ----D---- C:\MSI313e9.tmp
2011-11-26 20:46:43 ----D---- C:\MSI313de.tmp
2011-11-26 20:41:26 ----D---- C:\MSI5e1c9.tmp
2011-11-26 20:41:09 ----D---- C:\MSI5e1a7.tmp
2011-11-26 20:40:48 ----D---- C:\MSI5e146.tmp
2011-11-26 20:40:28 ----D---- C:\MSI5df2f.tmp
2011-11-26 20:40:27 ----D---- C:\MSI5df29.tmp
2011-11-26 20:40:24 ----D---- C:\MSI5df1b.tmp
2011-11-26 20:40:21 ----D---- C:\MSI5deee.tmp
2011-11-26 20:40:19 ----D---- C:\MSI5dee5.tmp
2011-11-26 20:40:06 ----D---- C:\MSI5de74.tmp
2011-11-26 20:39:54 ----D---- C:\MSI5de6a.tmp
2011-11-26 20:39:32 ----D---- C:\MSI5db50.tmp
2011-11-26 20:39:28 ----D---- C:\MSI5db44.tmp
2011-11-26 20:39:19 ----D---- C:\MSI5dad0.tmp
2011-11-26 20:39:12 ----D---- C:\MSI5dac2.tmp
2011-11-26 20:39:07 ----D---- C:\MSI5da8a.tmp
2011-11-26 20:39:04 ----D---- C:\MSI5da82.tmp
2011-11-26 20:38:57 ----D---- C:\MSI5da59.tmp
2011-11-26 20:19:22 ----D---- C:\Users\hp\AppData\Roaming\HP
2011-11-26 20:17:46 ----D---- C:\MSIb1f39.tmp
2011-11-26 20:17:41 ----D---- C:\Program Files\MSN Toolbar
2011-11-26 20:17:41 ----D---- C:\Program Files\Microsoft
2011-11-26 20:17:41 ----D---- C:\MSIb1f32.tmp
2011-11-26 20:17:38 ----D---- C:\MSIb1f2b.tmp
2011-11-26 20:17:35 ----D---- C:\MSIb1f24.tmp
2011-11-26 20:17:34 ----D---- C:\Program Files\Microsoft Silverlight
2011-11-26 20:17:33 ----D---- C:\MSIb1f1c.tmp
2011-11-26 20:17:29 ----D---- C:\MSIb1f15.tmp
2011-11-26 20:17:29 ----D---- C:\_386246_
2011-11-26 20:17:22 ----D---- C:\MSIb1f0e.tmp
2011-11-26 20:17:01 ----D---- C:\Program Files\MSN Toolbar Installer
2011-11-26 20:16:52 ----D---- C:\Users\hp\AppData\Roaming\HpUpdate
2011-11-26 20:10:14 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2011-11-26 20:09:07 ----D---- C:\ProgramData\HP
2011-11-26 14:49:57 ----A---- C:\Windows\system32\msonpmon.dll
2011-11-26 14:45:27 ----D---- C:\ProgramData\Microsoft Help
2011-11-26 14:38:16 ----D---- C:\Users\hp\AppData\Roaming\Win7codecs
2011-11-26 14:38:12 ----D---- C:\Program Files\Win7codecs
2011-11-26 14:37:16 ----D---- C:\ProgramData\Win7codecs
2011-11-23 15:03:45 ----D---- C:\ProgramData\redistpart
2011-11-23 15:01:39 ----D---- C:\ProgramData\createonepart
2011-11-23 15:01:27 ----D---- C:\ProgramData\explauncher
2011-11-23 15:01:26 ----D---- C:\ProgramData\launcher
2011-11-23 14:58:06 ----DC---- C:\Windows\system32\DRVSTORE
2011-11-23 14:58:06 ----A---- C:\Windows\system32\drivers\hotcore3.sys
2011-11-23 14:57:48 ----D---- C:\Program Files\Paragon Software
2011-11-20 17:24:51 ----D---- C:\Program Files\Valve
2011-11-20 11:11:04 ----D---- C:\Program Files\uTorrent
2011-11-15 13:08:38 ----D---- C:\Program Files\CCleaner
2011-11-14 21:06:38 ----D---- C:\Users\hp\AppData\Roaming\Skype
2011-11-14 17:34:44 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-14 17:34:38 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2011-11-27 17:36:55 ----D---- C:\Windows\Temp
2011-11-27 17:35:38 ----RD---- C:\Program Files
2011-11-27 17:33:35 ----D---- C:\Windows\system32\drivers
2011-11-27 17:27:41 ----D---- C:\Windows\system32\Tasks
2011-11-27 17:26:49 ----D---- C:\Windows\Panther
2011-11-27 17:26:20 ----D---- C:\Windows\system32\config
2011-11-27 16:11:12 ----D---- C:\Windows\inf
2011-11-27 16:10:51 ----D---- C:\Windows
2011-11-27 16:10:41 ----D---- C:\Windows\IME
2011-11-27 16:05:00 ----HD---- C:\ProgramData
2011-11-27 14:50:38 ----D---- C:\Windows\Prefetch
2011-11-27 14:03:58 ----D---- C:\Windows\system32\wdi
2011-11-27 14:02:57 ----SD---- C:\ProgramData\Microsoft
2011-11-26 23:15:46 ----SHD---- C:\$Recycle.Bin
2011-11-26 23:15:34 ----RD---- C:\Users
2011-11-26 23:12:16 ----D---- C:\Windows\winsxs
2011-11-26 23:11:08 ----SHD---- C:\System Volume Information
2011-11-26 22:56:32 ----SHD---- C:\Windows\Installer
2011-11-26 22:56:32 ----SHD---- C:\Config.Msi
2011-11-26 22:56:30 ----D---- C:\Program Files\Common Files\microsoft shared
2011-11-26 22:52:13 ----SHD---- C:\Recovery
2011-11-26 22:21:23 ----SD---- C:\Users\hp\AppData\Roaming\Microsoft
2011-11-26 22:06:01 ----D---- C:\Windows\system32\catroot2
2011-11-26 21:52:00 ----RSD---- C:\Windows\assembly
2011-11-26 21:51:32 ----D---- C:\Program Files\Microsoft.NET
2011-11-26 21:51:31 ----D---- C:\Windows\System32
2011-11-26 21:51:29 ----D---- C:\Program Files\Common Files
2011-11-26 21:51:14 ----D---- C:\Windows\ShellNew
2011-11-26 21:50:43 ----D---- C:\Program Files\MSBuild
2011-11-26 21:50:26 ----RSD---- C:\Windows\Fonts
2011-11-26 21:47:41 ----D---- C:\Program Files\Common Files\System
2011-11-26 21:47:38 ----A---- C:\Windows\win.ini
2011-11-26 21:13:58 ----D---- C:\Windows\system32\catroot
2011-11-26 21:07:56 ----D---- C:\Program Files\HP
2011-11-26 21:07:48 ----D---- C:\Windows\system32\DriverStore
2011-11-26 21:06:59 ----D---- C:\Windows\twain_32
2011-11-26 20:51:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-26 14:42:17 ----D---- C:\Program Files\WinRAR
2011-11-26 14:21:42 ----D---- C:\Program Files\Common Files\InstallShield
2011-11-26 11:18:47 ----D---- C:\Windows\Tasks
2011-11-26 11:18:47 ----D---- C:\Windows\system32\wfp
2011-11-26 11:18:45 ----D---- C:\Windows\system32\wbem
2011-11-26 11:18:05 ----D---- C:\Windows\system32\NDF
2011-11-26 11:18:00 ----D---- C:\Windows\registration
2011-11-26 11:17:47 ----D---- C:\Users\hp\AppData\Roaming\Real
2011-11-26 11:17:46 ----D---- C:\ProgramData\Real
2011-11-20 17:24:51 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-16 14:00:25 ----D---- C:\Windows\Microsoft.NET
2011-11-15 13:35:10 ----D---- C:\Windows\Logs
2011-11-15 13:35:10 ----D---- C:\Windows\debug
2011-11-14 23:01:59 ----A---- C:\Windows\system32\MRT.exe
2011-10-31 21:37:16 ----AD---- C:\ProgramData\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-17 1320752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AVerAF35;HP USB DVB-T TV Tuner; C:\Windows\System32\Drivers\HPAF35.sys [2009-10-19 474752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 HPIR;HP TV Tuner Infrared Receiver; C:\Windows\system32\DRIVERS\HPIR.sys [2009-11-16 87552]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-08 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-11-05 242048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 33560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Access to drive C denied

#6 Post by vyosek »

Greetings, and I wish you a pleasant evening :)

Given that you are using illegal software, I'm not surprised that you are a visitor to our forum :?:
However, under the forum rules (see here and here, point no. 3) we do not deal with illegal software, because illegal programs are mostly a source of malware. On top of that you are infringing copyright and committing a criminal offence, which as such will not be supported by our forum. Keep in mind that you are on a security forum - supporting warez (especially of security programs) would go completely against the logic of the forum :!:
So get legal protection for your PC (an antivirus), then post a new log from RSIT and CKScanner here - see below.

Personally I recommend Avast, Avira or MSE. You can find an overview of antivirus programs HERE.

:arrow: RSIT log - see my signature
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: Access to drive C denied

#7 Post by HANS55 »

I understand that raising awareness is necessary, and as far as my own PC is concerned, I try not to cultivate that kind of thing on it. A friend brought me this notebook after he had got it into this state and tried to fix it himself by deleting this and that. That's why I wrote plainly what history this notebook has. He wouldn't take advice, but hopefully he has learned his lesson, and I myself understand your attitude towards pirates. Personally I'd rather find a FREE alternative than warez. But to the point: the current RSIT log is one post above, and the MBAM log too; it has something in quarantine, so I'm asking whether I can delete it, so that it isn't left unattended after MBAM is uninstalled. Otherwise, that ESET is supposedly legal, although I don't understand why he has ESET of all things when everyone complains about it...


And this is what CKScanner gave me:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.RXAAMS
----- EOF -----

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Access to drive C denied

#8 Post by vyosek »

:arrow: Uninstall MBAM

:arrow: ESET is most certainly not legal :roll: Unless this tnod user & password finder happened to be an aquarium fish simulator :arcisit:

:arrow: So I'll wait for a new RSIT log in which there will be legal protection (Avast, Avira or MSE) and ESET will be gone...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: Access to drive C denied

#9 Post by HANS55 »

I don't understand it well enough to have been able to tell; I was going by what I was told, so hopefully it's fixed now. Otherwise, what firewall would you recommend to go with Avast? On my own PC I have the Kerio trial, which after a month runs in limited mode, so far without problems. Will the standard one in Windows be enough, or is it useless?
Here is a fresh RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2011-11-28 22:44:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 143 GB (65%) free of 221 GB
Total RAM: 3006 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:22, on 28.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\hp\Desktop\RSIT.exe
C:\Program Files\trend micro\hp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5672 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-02-11 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-09-29 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-05 138624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16 506720]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-07 336384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-17 1996072]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-09-29 273528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [2009-11-16 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.IV41"=ir41_32.dll
"VIDC.IV32"=ir32_32.dll
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-28 22:29:56 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-11-28 22:29:56 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-11-28 22:29:53 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-11-28 22:29:53 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-11-28 22:29:51 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-11-28 22:29:48 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-11-28 22:29:09 ----A---- C:\Windows\avastSS.scr
2011-11-28 22:29:08 ----A---- C:\Windows\system32\aswBoot.exe
2011-11-28 22:29:02 ----D---- C:\ProgramData\AVAST Software
2011-11-28 22:29:02 ----D---- C:\Program Files\AVAST Software
2011-11-27 19:24:19 ----D---- C:\Program Files\Defraggler
2011-11-27 18:36:28 ----D---- C:\Users\hp\AppData\Roaming\GlarySoft
2011-11-27 18:04:52 ----D---- C:\Program Files\Glary Utilities
2011-11-27 17:56:30 ----D---- C:\Program Files\VS Revo Group
2011-11-27 17:35:38 ----D---- C:\rsit
2011-11-27 17:35:38 ----D---- C:\Program Files\trend micro
2011-11-27 16:10:46 ----ASH---- C:\pagefile.sys
2011-11-27 16:05:07 ----D---- C:\Users\hp\AppData\Roaming\Malwarebytes
2011-11-27 16:05:00 ----D---- C:\ProgramData\Malwarebytes
2011-11-27 15:53:37 ----A---- C:\Windows\wininit.ini
2011-11-27 15:17:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-11-27 15:17:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-11-26 22:59:11 ----D---- C:\Users\hp\AppData\Roaming\uTorrent
2011-11-26 20:19:22 ----D---- C:\Users\hp\AppData\Roaming\HP
2011-11-26 20:17:41 ----D---- C:\Program Files\MSN Toolbar
2011-11-26 20:17:41 ----D---- C:\Program Files\Microsoft
2011-11-26 20:17:34 ----D---- C:\Program Files\Microsoft Silverlight
2011-11-26 20:17:01 ----D---- C:\Program Files\MSN Toolbar Installer
2011-11-26 20:16:52 ----D---- C:\Users\hp\AppData\Roaming\HpUpdate
2011-11-26 20:10:14 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2011-11-26 20:09:07 ----D---- C:\ProgramData\HP
2011-11-26 14:49:57 ----A---- C:\Windows\system32\msonpmon.dll
2011-11-26 14:45:27 ----D---- C:\ProgramData\Microsoft Help
2011-11-26 14:38:16 ----D---- C:\Users\hp\AppData\Roaming\Win7codecs
2011-11-26 14:38:12 ----D---- C:\Program Files\Win7codecs
2011-11-26 14:37:16 ----D---- C:\ProgramData\Win7codecs
2011-11-23 15:03:45 ----D---- C:\ProgramData\redistpart
2011-11-23 15:01:39 ----D---- C:\ProgramData\createonepart
2011-11-23 15:01:27 ----D---- C:\ProgramData\explauncher
2011-11-23 15:01:26 ----D---- C:\ProgramData\launcher
2011-11-23 14:58:06 ----DC---- C:\Windows\system32\DRVSTORE
2011-11-23 14:58:06 ----A---- C:\Windows\system32\drivers\hotcore3.sys
2011-11-23 14:57:48 ----D---- C:\Program Files\Paragon Software
2011-11-20 17:24:51 ----D---- C:\Program Files\Valve
2011-11-20 11:11:04 ----D---- C:\Program Files\uTorrent
2011-11-15 13:08:38 ----D---- C:\Program Files\CCleaner
2011-11-14 21:06:38 ----D---- C:\Users\hp\AppData\Roaming\Skype
2011-11-14 17:34:44 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-14 17:34:38 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2011-11-28 22:44:12 ----D---- C:\Windows\Temp
2011-11-28 22:43:00 ----D---- C:\Windows\inf
2011-11-28 22:42:59 ----D---- C:\Windows
2011-11-28 22:41:31 ----D---- C:\Windows\system32\config
2011-11-28 22:38:29 ----D---- C:\Windows\system32\Tasks
2011-11-28 22:36:24 ----D---- C:\Windows\System32
2011-11-28 22:29:56 ----D---- C:\Windows\system32\drivers
2011-11-28 22:29:47 ----SHD---- C:\Windows\Installer
2011-11-28 22:29:47 ----SHD---- C:\Config.Msi
2011-11-28 22:29:42 ----D---- C:\Windows\winsxs
2011-11-28 22:29:02 ----RD---- C:\Program Files
2011-11-28 22:29:02 ----HD---- C:\ProgramData
2011-11-28 22:28:55 ----SHD---- C:\System Volume Information
2011-11-28 22:21:32 ----D---- C:\Windows\system32\DriverStore
2011-11-28 22:21:32 ----D---- C:\Windows\system32\catroot
2011-11-27 18:04:57 ----D---- C:\Windows\Tasks
2011-11-27 17:26:49 ----D---- C:\Windows\Panther
2011-11-27 16:10:41 ----D---- C:\Windows\IME
2011-11-27 14:50:38 ----D---- C:\Windows\Prefetch
2011-11-27 14:03:58 ----D---- C:\Windows\system32\wdi
2011-11-27 14:02:57 ----SD---- C:\ProgramData\Microsoft
2011-11-26 23:15:46 ----SHD---- C:\$Recycle.Bin
2011-11-26 23:15:34 ----RD---- C:\Users
2011-11-26 22:56:30 ----D---- C:\Program Files\Common Files\microsoft shared
2011-11-26 22:52:13 ----SHD---- C:\Recovery
2011-11-26 22:21:23 ----SD---- C:\Users\hp\AppData\Roaming\Microsoft
2011-11-26 22:06:01 ----D---- C:\Windows\system32\catroot2
2011-11-26 21:52:00 ----RSD---- C:\Windows\assembly
2011-11-26 21:51:32 ----D---- C:\Program Files\Microsoft.NET
2011-11-26 21:51:29 ----D---- C:\Program Files\Common Files
2011-11-26 21:51:14 ----D---- C:\Windows\ShellNew
2011-11-26 21:50:43 ----D---- C:\Program Files\MSBuild
2011-11-26 21:50:26 ----RSD---- C:\Windows\Fonts
2011-11-26 21:47:41 ----D---- C:\Program Files\Common Files\System
2011-11-26 21:47:38 ----A---- C:\Windows\win.ini
2011-11-26 21:07:56 ----D---- C:\Program Files\HP
2011-11-26 21:06:59 ----D---- C:\Windows\twain_32
2011-11-26 20:51:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-26 14:42:17 ----D---- C:\Program Files\WinRAR
2011-11-26 14:21:42 ----D---- C:\Program Files\Common Files\InstallShield
2011-11-26 11:18:47 ----D---- C:\Windows\system32\wfp
2011-11-26 11:18:45 ----D---- C:\Windows\system32\wbem
2011-11-26 11:18:05 ----D---- C:\Windows\system32\NDF
2011-11-26 11:18:00 ----D---- C:\Windows\registration
2011-11-26 11:17:47 ----D---- C:\Users\hp\AppData\Roaming\Real
2011-11-26 11:17:46 ----D---- C:\ProgramData\Real
2011-11-20 17:24:51 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-16 14:00:25 ----D---- C:\Windows\Microsoft.NET
2011-11-15 13:35:10 ----D---- C:\Windows\Logs
2011-11-15 13:35:10 ----D---- C:\Windows\debug
2011-11-14 23:01:59 ----A---- C:\Windows\system32\MRT.exe
2011-10-31 21:37:16 ----AD---- C:\ProgramData\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-17 1320752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AVerAF35;HP USB DVB-T TV Tuner; C:\Windows\System32\Drivers\HPAF35.sys [2009-10-19 474752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 HPIR;HP TV Tuner Infrared Receiver; C:\Windows\system32\DRIVERS\HPIR.sys [2009-11-16 87552]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-08 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-11-05 242048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: access to drive C denied

#10 Post by vyosek »

:arrow: The firewall in W7 is already at an adequate level and sufficient for an ordinary user

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log; paste it here
  • Then run it again, but choose option 3 and afterwards also 4; paste the logs again

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: access to drive C denied

#11 Post by HANS55 »

2.


RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: Remove -- Date : 11/28/2011 23:21:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: access to drive C denied

#12 Post by HANS55 »

3.


RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: HOSTSFix -- Date : 11/28/2011 23:24:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: access to drive C denied

#13 Post by HANS55 »

4.


RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: hp [Admin rights]
Mode: ProxyFix -- Date : 11/28/2011 23:26:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: access to drive C denied

#14 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware and so on.
  • If you have Win XP, run it under the Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
  • Right after it starts, a page with the licence agreement is shown; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF shows the log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

HANS55
Visitor
Posts: 29
Registered: 10 Sep 2009 22:36

Re: access to drive C denied

#15 Post by HANS55 »

ComboFix log:

ComboFix 11-11-28.02 - hp 28.11.2011 23:54:23.1.8 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3006.2030 [GMT 1:00]
Spuštěný z: c:\users\hp\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-28 do 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 23:16 . 2011-11-28 23:17 -------- d-----w- c:\users\hp\AppData\Local\temp
2011-11-28 23:16 . 2011-11-28 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 22:20 . 2011-11-28 22:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-28 21:40 . 2011-11-28 21:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD43CE05-D70F-480B-ABEF-C1657ABB9D95}\offreg.dll
2011-11-28 21:29 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 21:29 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 21:29 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 21:29 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 21:29 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 21:29 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 21:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 21:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 21:29 . 2011-11-28 21:29 -------- d-----w- c:\programdata\AVAST Software
2011-11-28 21:29 . 2011-11-28 21:29 -------- d-----w- c:\program files\AVAST Software
2011-11-27 18:24 . 2011-11-27 18:24 -------- d-----w- c:\program files\Defraggler
2011-11-27 17:36 . 2011-11-27 17:36 -------- d-----w- c:\users\hp\AppData\Roaming\GlarySoft
2011-11-27 17:04 . 2011-11-27 17:04 -------- d-----w- c:\program files\Glary Utilities
2011-11-27 16:56 . 2011-11-27 16:56 -------- d-----w- c:\program files\VS Revo Group
2011-11-27 16:35 . 2011-11-28 21:44 -------- d-----w- c:\program files\trend micro
2011-11-27 16:35 . 2011-11-27 16:35 -------- d-----w- C:\rsit
2011-11-27 15:05 . 2011-11-27 15:05 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2011-11-27 15:05 . 2011-11-27 15:05 -------- d-----w- c:\programdata\Malwarebytes
2011-11-27 14:17 . 2011-11-27 18:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-27 14:17 . 2011-11-27 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-26 22:15 . 2011-11-26 22:16 -------- d-----w- c:\users\Guest
2011-11-26 21:59 . 2011-11-27 14:08 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2011-11-26 19:19 . 2011-11-26 19:19 -------- d-----w- c:\users\hp\AppData\Roaming\HP
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\program files\MSN Toolbar
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\program files\Microsoft
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\program files\MSN Toolbar Installer
2011-11-26 19:16 . 2011-11-26 19:16 -------- d-----w- c:\users\hp\AppData\Roaming\HpUpdate
2011-11-26 19:10 . 2011-11-26 19:10 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-11-26 19:09 . 2011-11-26 20:07 -------- d-----w- c:\programdata\HP
2011-11-26 13:49 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-11-26 13:49 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-11-26 13:45 . 2011-11-26 13:45 -------- d-----w- c:\users\hp\AppData\Local\Microsoft Help
2011-11-26 13:45 . 2011-11-26 20:52 -------- d-----w- c:\programdata\Microsoft Help
2011-11-26 13:38 . 2011-11-26 13:38 -------- d-----w- c:\users\hp\AppData\Roaming\Win7codecs
2011-11-26 13:38 . 2011-11-26 13:38 -------- d-----w- c:\program files\Win7codecs
2011-11-26 13:37 . 2011-11-26 13:38 -------- d-----w- c:\programdata\Win7codecs
2011-11-26 10:22 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD43CE05-D70F-480B-ABEF-C1657ABB9D95}\mpengine.dll
2011-11-23 14:03 . 2011-11-23 14:03 -------- d-----w- c:\programdata\redistpart
2011-11-23 14:01 . 2011-11-23 14:01 -------- d-----w- c:\programdata\createonepart
2011-11-23 14:01 . 2011-11-23 14:01 -------- d-----w- c:\programdata\explauncher
2011-11-23 14:01 . 2011-11-23 14:01 -------- d-----w- c:\programdata\launcher
2011-11-23 13:58 . 2011-11-26 13:16 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-23 13:58 . 2010-05-18 10:25 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-11-23 13:57 . 2011-11-23 13:57 -------- d-----w- c:\program files\Paragon Software
2011-11-20 16:24 . 2011-11-26 13:21 -------- d-----w- c:\program files\Valve
2011-11-20 10:11 . 2011-11-20 10:11 -------- d-----w- c:\program files\uTorrent
2011-11-15 12:08 . 2011-11-15 12:08 -------- d-----w- c:\program files\CCleaner
2011-11-14 20:06 . 2011-11-26 12:13 -------- d-----w- c:\users\hp\AppData\Roaming\Skype
2011-11-14 19:24 . 2011-11-14 19:25 -------- d-----w- c:\users\hp\AppData\Local\Google
2011-11-14 19:24 . 2011-11-14 19:24 -------- d-----w- c:\users\hp\AppData\Local\Deployment
2011-11-14 16:34 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-14 16:34 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-14 16:34 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 11:12 . 2011-08-10 18:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-27 11:12 . 2011-08-17 16:19 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-14 19:08 . 2011-08-11 16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-16 07:48 . 2011-10-16 07:48 745472 ----a-w- c:\windows\system32\lameACM.acm
2011-10-14 18:52 . 2011-08-17 16:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-14 18:52 . 2011-08-10 18:53 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-05 06:46 . 2011-10-05 06:46 1287168 ----a-w- c:\windows\system32\VSFilter.dll
2011-10-03 09:10 . 2011-10-03 09:10 344064 ----a-w- c:\windows\system32\AACACM.acm
2011-09-29 20:51 . 2011-09-29 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-29 20:51 . 2011-09-29 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-27 14:39 . 2011-09-27 14:39 4122624 ----a-w- c:\windows\system32\x264vfw.dll
2011-09-25 16:56 . 2011-09-25 16:56 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-09-17 18:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-09-01 02:35 . 2011-10-21 16:14 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-21 16:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-21 16:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-29 273528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 474752]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 87552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 netr28;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-11-28 111872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-27 12:08]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 19:24]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090881067-789602479-1709589430-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 19:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-29 00:18:33
ComboFix-quarantined-files.txt 2011-11-28 23:18
.
Před spuštěním: Volných bajtů: 149 535 547 392
Po spuštění: Volných bajtů: 149 086 068 736
.
- - End Of File - - CA2A07E374FEC24E887A0F0B19B44EE7
