RSIT nechce vytvorit log

[xkarel]

Ahoj, chtel jsem si nechat zkontrolovat PC, ale pri spusteni RSIT a par vterinach mi to vyhodi tuto hlasku:
http://www.2i.cz/ece21c36e5
Co s tim ?

Predem dekuji.

[Rudy]

Zdravím!
Jaká máte oper. systém?

[xkarel]

Windows 7, 32bit

[Rudy]

Zkuste RSIT spustit jako administrator.

[xkarel]

porad stejne, jeste dodam, ze jsem RSIT uz nekolikrat pouzival a do ted vzdy bez problemu.

[Rudy]

OK. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[xkarel]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.04.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Elite :: ELITE-PC [administrátor]

Ochrana: Zakázána

27.4.2012 7:02:05
mbam-log-2012-04-27 (08-42-45).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 481343
Uplynulý čas: 1 hodin, 31 minut, 44 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Users\Elite\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Users\Elite\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.

(konec)

[Rudy]

Položky, které MBAM nalezl, smažte.

[xkarel]

Smazano, zkusil jsem RSIT a porad nejde

[Rudy]

OK. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[xkarel]

ComboFix 12-04-28.01 - Elite 29.04.2012 7:43.4.2 - x86
Spuštěný z: h:\petas\Download\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\users\Elite\AppData\Local\TempDIR
c:\users\Elite\AppData\Roaming\inst.exe
c:\users\Elite\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\bdaplgin.ax
c:\windows\system32\cero.rs
c:\windows\system32\csrr.rs
c:\windows\system32\divxdec.ax
c:\windows\system32\esrb.rs
c:\windows\system32\g711codc.ax
c:\windows\system32\grb.rs
c:\windows\system32\iac25_32.ax
c:\windows\system32\inplgrbr.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\Kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\L3CODECX.AX
c:\windows\system32\MatroskaMuxer.ax
c:\windows\system32\MatroskaSplitter.ax
c:\windows\system32\Mpeg2Data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\mslvddsfilter.ax
c:\windows\system32\MSNP.ax
c:\windows\system32\oflc.rs
c:\windows\system32\pegi-fi.rs
c:\windows\system32\pegi-pt.rs
c:\windows\system32\pegi.rs
c:\windows\system32\pegibbfc.rs
c:\windows\system32\psisrndr.ax
c:\windows\system32\tmp4BEA.tmp
c:\windows\system32\tmp4BEB.tmp
c:\windows\system32\tmp737D.tmp
c:\windows\system32\tmp73AD.tmp
c:\windows\system32\tmp9229.tmp
c:\windows\system32\tmp925C.tmp
c:\windows\system32\tmp925D.tmp
c:\windows\system32\tmpE3F5.tmp
c:\windows\system32\tmpE3F6.tmp
c:\windows\system32\trnfgrbr.ax
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
c:\windows\system32\usk.rs
c:\windows\system32\VBICodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\WEB.rs
c:\windows\system32\WSTPager.ax
c:\windows\system32\xvid.ax
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-28 do 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 05:53 . 2012-04-29 05:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-29 05:53 . 2012-04-29 05:53 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-04-29 05:53 . 2012-04-29 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 08:03 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-27 08:03 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-27 08:03 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-27 08:03 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-27 08:03 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-27 08:03 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-27 08:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-27 08:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-27 08:03 . 2012-04-27 08:03 -------- d-----w- c:\programdata\AVAST Software
2012-04-27 08:03 . 2012-04-27 08:03 -------- d-----w- c:\program files\AVAST Software
2012-04-26 08:08 . 2012-04-27 18:20 -------- d-----w- c:\program files\trend micro
2012-04-26 08:08 . 2012-04-26 08:08 -------- d-----w- C:\rsit
2012-04-26 05:26 . 2012-04-27 15:57 -------- d-----w- c:\users\Elite\AppData\Roaming\.minecraft
2012-04-20 07:14 . 2012-04-20 07:14 -------- d-----w- c:\program files\EASEUS
2012-04-20 06:55 . 2012-04-20 06:55 -------- d-----w- C:\CPM
2012-04-18 14:26 . 2012-04-18 14:26 -------- d-----w- c:\users\Elite\AppData\Roaming\Mozilla-Cache
2012-04-11 13:33 . 2012-04-11 13:33 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-11 09:06 . 2012-04-11 09:06 -------- d-----w- c:\users\Elite\AppData\Local\TeamSpeak 3 Client
2012-04-04 13:55 . 2012-04-04 13:55 -------- d--h--w- c:\windows\system32\asam
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-09-01 09:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 21:31 . 2012-02-27 21:21 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-27 19:32 . 2012-02-27 19:32 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-27 19:32 . 2010-06-19 03:44 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-27 19:23 . 2011-10-07 09:25 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-02-15 15:34 . 2011-06-15 05:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 03:47 . 2012-02-15 03:47 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-05-27 17:02 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12 . 2012-02-15 03:12 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10 . 2012-02-15 03:10 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07 . 2009-07-13 22:09 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58 . 2011-12-06 02:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34 . 2011-09-08 17:05 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29 . 2011-09-08 17:08 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16 . 2010-05-27 16:35 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13 . 2011-12-06 02:12 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2011-12-06 02:12 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12 . 2012-02-15 02:12 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-05-27 16:24 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12 . 2011-09-08 16:51 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 14:07 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 1839104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Elite^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
2011-03-21 14:13 1839104 ----a-w- c:\program files\NetLimiter 3\NLClientApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-11-25 20:34 289584 ----a-w- c:\users\Elite\AppData\Roaming\uTorrent\utorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Lycosa"="c:\program files\Razer\Razer Lycosa\razerhid.exe"
.
R2 ActivityMon2;asam;c:\windows\system32\asam\svchost.exe [2011-11-05 55808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-10-02 23456]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 ip100Avista;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2010-04-16 29696]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-01-29 47360]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-02-27 12984]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 5281672]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 163328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2011-01-28 90042]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 9182208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 264704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-04 232512]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2010-09-08 23680]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-27 233472]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 10240]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-29 09:14]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 05:45]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 05:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-klogon - (no file)
MSConfigStartUp-Steam - c:\program files\Steam\steam.exe
AddRemove-Minecraft Cracked - c:\users\Elite\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3499907369-2792925310-1543200893-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,cd,84,ad,8e,36,b1,3d,53,49,a2,30,bb,55,f9,7d,07,24,fe,08,f1,
bc,db,fd,4d,76,5a,18,c4,54,eb,7b,80,55,a9,09,20,72,1a,65,70,90,e5,af,91,b1,\
"rkeysecu"=hex:91,1e,0e,65,19,46,95,13,85,da,8e,4d,ae,22,ae,41
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-29 08:00:43
ComboFix-quarantined-files.txt 2012-04-29 06:00
.
Před spuštěním: Volných bajtů: 19 449 511 936
Po spuštění: Volných bajtů: 19 426 439 168
.
- - End Of File - - F6A159DCC9B8746E4AAF83513FF3D27B

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Regnull::
[HKEY_USERS\S-1-5-21-3499907369-2792925310-1543200893-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[xkarel]

Parada, RSIT uz funguje, mam si jeste davat zkontrolovat log nebo jste mi to uz zaroven zkontroloval/odviroval ?

[Rudy]

Nemusíte, tohle byly už jen zbytečnosti. To svinstvo, které blokovalo RSIT, odstranil CF při provním skenu.

[xkarel]

Dekuji moc za pomoc!