Preventívka

[Narfyk]

Nazdar. Dnes som v regedite našiel zopár premňa dosť čudných súborov (netuším kde sa vzali a aj názvy sú dosť čudné) a preto sa vás chcem spýtať či neviete čo sú zač (viď priložený screenshot).
Log z RSITu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrej at 2012-07-24 18:27:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 40 GB (65%) free of 61 GB
Total RAM: 2991 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:07, on 24. 7. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Andrej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\0DOCS\viry.cz\RSIT.exe
C:\Program Files\trend micro\Andrej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ\ICQ7M\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5008 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.X264"=x264vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.siren"=sirenacm.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.tscc"=tsccvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-24 18:27:58 ----D---- C:\Program Files\trend micro
2012-07-24 18:27:57 ----D---- C:\rsit
2012-07-23 23:42:34 ----A---- C:\Windows\system32\NEXUS234.DLL
2012-07-23 22:23:11 ----A---- C:\Windows\system32\SYNSOEMU.DLL
2012-07-23 22:20:49 ----D---- C:\Program Files\Common Files\reFX
2012-07-22 18:23:59 ----D---- C:\ProgramData\eLicenser
2012-07-22 18:02:30 ----A---- C:\Windows\SYNSONXS.dll
2012-07-11 14:20:36 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 14:20:36 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 14:20:35 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 14:20:35 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 14:20:35 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 14:20:34 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 14:20:34 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 14:20:34 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 14:20:33 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 14:20:33 ----A---- C:\Windows\system32\url.dll
2012-07-11 14:20:32 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 14:20:31 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 14:18:50 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 10:16:44 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 10:16:44 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 10:16:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 10:16:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 10:16:44 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 10:16:42 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 10:16:42 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 10:16:42 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 10:16:41 ----A---- C:\Windows\system32\cdosys.dll
2012-07-11 10:16:36 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 10:10:27 ----D---- C:\Windows\Minidump
2012-07-06 00:27:51 ----A---- C:\Windows\system32\browserchoice.exe
2012-07-04 21:38:11 ----D---- C:\Program Files\Microsoft WSE
2012-07-02 13:30:07 ----D---- C:\Users\Andrej\AppData\Roaming\Need for Speed World
2012-06-29 20:41:15 ----A---- C:\Windows\system32\tsccvid.dll
2012-06-29 20:41:14 ----D---- C:\Windows\system32\QuickTime
2012-06-29 20:41:08 ----D---- C:\Program Files\QuickTime
2012-06-29 20:40:55 ----D---- C:\Program Files\Common Files\TechSmith Shared

======List of files/folders modified in the last 1 month======

2012-07-24 18:28:07 ----D---- C:\Windows\Prefetch
2012-07-24 18:27:58 ----RD---- C:\Program Files
2012-07-24 18:27:34 ----D---- C:\Windows\Temp
2012-07-24 14:52:45 ----D---- C:\Windows\system32\config
2012-07-23 23:42:34 ----D---- C:\Windows\System32
2012-07-23 23:19:51 ----D---- C:\Users\Andrej\AppData\Roaming\uTorrent
2012-07-23 22:20:49 ----D---- C:\Program Files\Common Files
2012-07-23 22:15:10 ----D---- C:\Windows
2012-07-23 20:32:31 ----D---- C:\Users\Andrej\AppData\Roaming\Skype
2012-07-22 21:33:10 ----D---- C:\Windows\inf
2012-07-22 21:33:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-22 18:23:59 ----HD---- C:\ProgramData
2012-07-22 17:55:34 ----D---- C:\Windows\system32\catroot2
2012-07-22 12:10:09 ----SHD---- C:\System Volume Information
2012-07-20 13:37:13 ----D---- C:\ProgramData\PMB Files
2012-07-18 15:01:20 ----SD---- C:\Users\Andrej\AppData\Roaming\Microsoft
2012-07-11 15:10:12 ----D---- C:\Windows\winsxs
2012-07-11 15:08:54 ----D---- C:\Windows\system32\migration
2012-07-11 15:08:54 ----D---- C:\Program Files\Internet Explorer
2012-07-11 15:08:53 ----D---- C:\Windows\system32\drivers
2012-07-11 14:20:44 ----D---- C:\Windows\system32\catroot
2012-07-11 14:19:05 ----A---- C:\Windows\system32\MRT.exe
2012-07-04 21:38:15 ----SHD---- C:\Windows\Installer
2012-07-04 21:38:15 ----RSD---- C:\Windows\assembly
2012-07-04 21:21:50 ----HD---- C:\Program Files\InstallShield Installation Information
2012-07-04 21:20:27 ----D---- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Lite
2012-06-30 20:56:00 ----D---- C:\Windows\system32\Tasks
2012-06-30 20:55:57 ----D---- C:\Program Files\Common Files\InstallShield
2012-06-29 20:11:49 ----D---- C:\ProgramData\TechSmith

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-28 477240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service; C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 14848]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 as6kpa5s;as6kpa5s; C:\Windows\system32\drivers\as6kpa5s.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-22 1172992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2012-05-05 9216]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2012-05-05 107776]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2012-05-05 107776]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2012-05-05 107776]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-04-05 158856]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1343400]

-----------------EOF-----------------

Od kedy som sem písal naposledy sa na PC vymenil disk (wifina je poškodená fyzicky, takže to je dôvod prečo nešla, inak PC šlape ako nový ).

[Rudy]

Ty položky jsou podezřelé. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Narfyk]

Nech sa páči
ComboFix 12-07-25.04 - Andrej . 07. 2012 20:34:23.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.2991.1940 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 18:38 . 2012-07-24 18:38 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-07-24 18:38 . 2012-07-24 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 16:43 . 2012-07-24 16:43 -------- d-----w- c:\users\Andrej\AppData\Roaming\Malwarebytes
2012-07-24 16:43 . 2012-07-24 16:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 16:43 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 16:27 . 2012-07-24 16:28 -------- d-----w- c:\program files\trend micro
2012-07-24 16:27 . 2012-07-24 16:28 -------- d-----w- C:\rsit
2012-07-24 07:44 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FBC13C-9E25-4B62-9AAF-3DE032C9CA9D}\mpengine.dll
2012-07-23 21:42 . 2012-07-16 15:48 35328 ----a-w- c:\windows\system32\NEXUS234.DLL
2012-07-23 20:23 . 2009-10-24 19:15 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2012-07-23 20:20 . 2012-07-23 20:20 -------- d-----w- c:\program files\Common Files\reFX
2012-07-22 16:23 . 2012-07-22 16:23 -------- d-----w- c:\programdata\eLicenser
2012-07-22 16:02 . 2012-07-22 16:02 400384 ----a-w- c:\windows\SYNSONXS.dll
2012-07-22 10:10 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 18:50 . 2012-07-12 18:50 -------- d-----w- c:\users\Martin\AppData\Roaming\Need for Speed World
2012-07-11 12:18 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 16:50 . 2012-07-10 16:54 -------- d-----w- c:\users\Martin\riotsGamesLogs
2012-07-05 22:27 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-04 19:38 . 2012-07-04 19:38 -------- d-----w- c:\program files\Microsoft WSE
2012-07-03 20:06 . 2012-04-27 21:18 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE909EDA-D12D-414A-88BB-D8C10E3F157D}\gapaengine.dll
2012-07-02 19:34 . 2012-07-02 19:34 -------- d-----w- c:\users\Martin\AppData\Roaming\LolClient
2012-07-02 19:14 . 2012-07-02 19:14 -------- d-----w- c:\users\Martin\AppData\Local\Electronic_Arts_Inc
2012-07-02 11:30 . 2012-07-02 11:30 -------- d-----w- c:\users\Andrej\AppData\Roaming\Need for Speed World
2012-07-02 09:21 . 2012-07-02 09:21 -------- d--h--w- c:\users\Andrej\AppData\Local\Electronic_Arts_Inc
2012-06-29 18:41 . 2010-03-04 15:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2012-06-29 18:41 . 2012-06-29 18:41 -------- d-----w- c:\windows\system32\QuickTime
2012-06-29 18:41 . 2012-06-29 18:41 -------- d-----w- c:\program files\QuickTime
2012-06-29 18:40 . 2012-06-29 18:40 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-06-29 18:21 . 2012-06-29 18:21 -------- d-----w- c:\users\Andrej\AppData\Local\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-19 13:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:23 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 13:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 13:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 13:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 13:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 13:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:40 . 2012-07-11 08:16 225280 ----a-w- c:\windows\system32\schannel.dll
2012-05-11 19:36 . 2012-05-11 19:36 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-05-11 19:36 . 2012-05-11 19:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-05 18:20 . 2012-05-05 18:20 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-05-05 18:20 . 2012-05-05 18:20 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-05-05 18:20 . 2012-05-05 18:20 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-05-05 18:20 . 2012-05-05 18:20 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-05-05 18:20 . 2012-05-05 18:20 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-05-01 04:44 . 2012-06-13 18:45 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-30 18:44 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-29 16:57 . 2012-04-29 17:05 1177600 ----a-w- c:\windows\SYNSOEMU.DLL
2012-04-28 08:22 . 2012-04-28 08:21 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-28 03:17 . 2012-06-13 18:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 21:18 . 2012-06-12 19:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-04-27 19:49 . 2012-04-27 19:49 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-27 19:49 . 2012-04-27 19:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-27 19:49 . 2012-04-27 19:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-27 19:49 . 2012-04-27 19:49 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-04-27 19:49 . 2012-04-27 19:49 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-04-27 19:49 . 2012-04-27 19:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-27 19:49 . 2012-04-27 19:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-04-27 19:49 . 2012-04-27 19:49 367104 ----a-w- c:\windows\system32\html.iec
2012-04-27 19:49 . 2012-04-27 19:49 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-04-27 19:49 . 2012-04-27 19:49 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-27 19:49 . 2012-04-27 19:49 161792 ----a-w- c:\windows\system32\msls31.dll
2012-04-27 19:49 . 2012-04-27 19:49 152064 ----a-w- c:\windows\system32\wextract.exe
2012-04-27 19:49 . 2012-04-27 19:49 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-04-27 19:49 . 2012-04-27 19:49 11776 ----a-w- c:\windows\system32\mshta.exe
2012-04-27 19:49 . 2012-04-27 19:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-27 19:49 . 2012-04-27 19:49 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-27 19:10 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-04-27 19:10 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2012-04-27 19:10 . 2010-11-20 21:29 811520 ----a-w- c:\windows\system32\user32.dll
2012-04-26 04:45 . 2012-06-13 18:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 18:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 18:45 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Malwarebytes' Anti-Malware"="d:\0docs\viry.cz\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;d:\0docs\viry.cz\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1000Core.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:27]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1000UA.job
- c:\users\Andrej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:27]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1001Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 06:36]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4193802647-1336769331-151233365-1001UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 06:36]
.
.
------- Supplementary Scan -------
.
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-24 20:39:54
ComboFix-quarantined-files.txt 2012-07-24 18:39
.
Pre-Run: 42 883 817 472 bytes free
Post-Run: 42 887 991 296 bytes free
.
- - End Of File - - D11C1C62533272D5F118AA2AB288C19D

[Rudy]

Tento soubor: c:\windows\system32\NEXUS234.DLL otestujte online na www.virustotal.com .

[Narfyk]

O tom súbore viem, je to crack do jedného VST pluginu, ale idem ho zmazať, kedže ajtak nefunguje

[Rudy]

Jinak tam není nic jiného, co by stálo za řeč, vidět.

[Narfyk]

A čo tie súbory čo boli v regedite.. či to sú len výplody fantázie môjho PC ?

[Rudy]

Pokud jsou tam i po skenu CF, zřejmě tam patří. Není v možnostech nikoho znát na zpaměť všechny registry klíče. Máte pocit, že PC neběží, jak má?

[Narfyk]

Práveže PC ide dobre, skôr výborne. Ak tam patria tak je to OK, len sa mi zdali podozrivé tie názvy, tak som radšej sem napísal. Po skene CF je všetko ako predtým, zdá sa mi že ešte dve položky tam pribudli.. čo by sa mohlo stať ak by som ich z registrov vymazal ?
Nachádzajú sa v:
HKEY_LOCAL_MACHINE >> SOFTWARE >> Microsoft >> Windows >> CurrentVersion >> Explorer >> AutoplayHandlers >> CancelAutoplay > Files > *.* <-- znamená že tu sú tie súbory/záznamy

[Rudy]

Máte nastaveno nějaké automatické přehrávání. Schválně najděte soubory, které odpovídají položkám v registry a zkuste některou otestovat na www.virustotal.com . Pak bude jasné, jestli jde o korektní soubor, nebo vir.

[Narfyk]

Idem nato.. ale ak to chápem správne, tak ak vymažem tie registre, tak napríklad po vložení CD s niečim inštalovatelným sa to nespustí samé, ale budem to musieť zapnúť ja - ručne ?

[Rudy]

Idem nato.. ale ak to chápem správne, tak ak vymažem tie registre, tak napríklad po vložení CD s niečim inštalovatelným sa to nespustí samé, ale budem to musieť zapnúť ja - ručne ?

Mělo by to tak být.

[Narfyk]

Takže. Žiadny zo súborov som nenašiel, takže by v podstate nemalo vadiť ak tie registre vymažem.. jedine čo som našiel na googli ten updmoney.exe je niečo od microsoft (Microsoft Money, ale netuším čo to je ). Idem to teda pomazať.
Ďakujem pekne za preventívku a pomoc !

Môžete .

[Rudy]

Nemáte zač a zamykám!