PC disinfection, computer speed-up, remote help via the neslape.cz service

please check

Don't have any problem with your PC right now and just want to make sure everything is fine?
Paste a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved. The same applies to threads inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

please check

#1 Post by OTAZ »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Z at 2010-11-25 12:24:33
Microsoft Windows 7 Professional
System drive C: has 167 GB (70%) free of 238 GB
Total RAM: 1006 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:35, on 25.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Z\Desktop\RSIT.exe
C:\Users\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6714 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-01 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-01 798771]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-01 1811968]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"WEBTRAN"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
C:\Program Files\Common Files\602phs\pdfSaver.exe [2005-08-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2010-10-01 742776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Z\Desktop\P17535732.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-25 12:18:17 ----D---- C:\rsit
2010-11-25 12:18:17 ----D---- C:\Program Files\trend micro
2010-11-25 11:17:21 ----D---- C:\Program Files\DVDFab 8
2010-11-25 11:05:16 ----D---- C:\ProgramData\Martau
2010-11-25 11:05:10 ----D---- C:\Program Files\Total Uninstall 5
2010-11-22 19:05:34 ----D---- C:\Windows\fonts\AdvUninstal
2010-11-22 19:05:29 ----D---- C:\Program Files\Common Files\Innovative Solutions
2010-11-22 19:05:27 ----D---- C:\ProgramData\Innovative Solutions
2010-11-20 19:52:07 ----SHD---- C:\Config.Msi
2010-11-08 22:04:41 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2010-11-08 22:04:40 ----D---- C:\ProgramData\Studio 14
2010-11-08 22:04:40 ----D---- C:\ProgramData\Pinnacle Studio Plus
2010-11-08 22:04:40 ----D---- C:\Program Files\Common Files\Yahoo!
2010-11-04 18:55:08 ----D---- C:\Users\Z\AppData\Roaming\Malwarebytes
2010-11-04 18:55:03 ----N---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-04 18:55:01 ----N---- C:\Windows\system32\drivers\mbam.sys
2010-11-04 18:55:01 ----D---- C:\ProgramData\Malwarebytes
2010-11-04 18:55:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-01 17:01:50 ----A---- C:\LOGFILE.TXT
2010-11-01 16:54:21 ----D---- C:\ProgramData\Dane aplikacji
2010-11-01 16:04:59 ----D---- C:\Program Files\VS Revo Group
2010-11-01 15:41:38 ----D---- C:\Windows\Profiles
2010-11-01 12:03:13 ----D---- C:\Program Files\RapidBIT
2010-10-30 11:39:36 ----D---- C:\Program Files\JoWooD
2010-10-29 13:08:13 ----A---- C:\adorage-protocol.txt
2010-10-29 11:58:00 ----D---- C:\ProgramData\eSellerate
2010-10-29 11:55:12 ----D---- C:\Program Files\Common Files\eSellerate
2010-10-29 11:54:56 ----D---- C:\Program Files\NewBlue
2010-10-27 12:40:22 ----A---- C:\Windows\unvise32.exe
2010-10-27 12:37:43 ----D---- C:\Program Files\Common Files\Pinnacle
2010-10-27 12:36:40 ----D---- C:\ProgramData\Pinnacle Studio Ultimate Collection
2010-10-27 12:28:22 ----D---- C:\Program Files\Pinnacle
2010-10-27 12:19:34 ----D---- C:\ProgramData\Pinnacle
2010-10-27 08:28:31 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-27 08:28:24 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 08:28:24 ----A---- C:\Windows\system32\CPFilters.dll

======List of files/folders modified in the last 1 months======

2010-11-25 12:24:33 ----D---- C:\Windows\Temp
2010-11-25 12:18:28 ----D---- C:\Windows\Prefetch
2010-11-25 12:18:17 ----RD---- C:\Program Files
2010-11-25 12:17:26 ----D---- C:\Windows\system32\config
2010-11-25 12:12:11 ----SHD---- C:\System Volume Information
2010-11-25 12:07:47 ----AD---- C:\ProgramData\TEMP
2010-11-25 11:05:16 ----HD---- C:\ProgramData
2010-11-25 10:35:37 ----D---- C:\Users\Z\AppData\Roaming\Vso
2010-11-24 15:38:52 ----D---- C:\Windows
2010-11-24 11:21:21 ----D---- C:\Program Files\Internet Explorer
2010-11-24 11:21:19 ----D---- C:\Windows\winsxs
2010-11-24 11:20:37 ----D---- C:\Windows\system32\catroot
2010-11-23 09:40:06 ----D---- C:\Windows\system32\catroot2
2010-11-22 20:59:19 ----D---- C:\Windows\System32
2010-11-22 20:01:36 ----D---- C:\Users\Z\AppData\Roaming\BitTorrent
2010-11-22 19:38:25 ----D---- C:\Windows\system32\Tasks
2010-11-22 19:05:34 ----RSD---- C:\Windows\Fonts
2010-11-22 19:05:29 ----D---- C:\Program Files\Common Files
2010-11-22 18:45:59 ----D---- C:\Windows\debug
2010-11-22 18:20:18 ----SHD---- C:\Windows\Installer
2010-11-22 18:18:48 ----D---- C:\Windows\Tasks
2010-11-22 18:18:48 ----D---- C:\Windows\system32\wfp
2010-11-22 18:18:45 ----D---- C:\Windows\system32\wbem
2010-11-22 18:17:51 ----D---- C:\Windows\system32\DriverStore
2010-11-22 18:17:51 ----D---- C:\Windows\inf
2010-11-22 18:17:51 ----D---- C:\Users\Z\AppData\Roaming\LangSoft
2010-11-22 18:17:50 ----D---- C:\Windows\AppCompat
2010-11-22 18:17:50 ----D---- C:\Program Files\ICQ7.2
2010-11-22 18:17:50 ----D---- C:\Program Files\BitTorrent
2010-11-22 18:17:44 ----D---- C:\Windows\registration
2010-11-22 16:12:20 ----D---- C:\Windows\tracing
2010-11-20 16:48:25 ----D---- C:\Users\Z\AppData\Roaming\ICQ
2010-11-14 15:54:26 ----A---- C:\Windows\NeroDigital.ini
2010-11-13 19:13:17 ----D---- C:\Windows\system32\NDF
2010-11-12 11:08:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-12 11:01:42 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-11 17:31:02 ----D---- C:\Users\Z\AppData\Roaming\Tropico 3
2010-11-10 20:02:18 ----D---- C:\Windows\system32\drivers\etc
2010-11-10 20:02:18 ----D---- C:\Program Files\Mozilla Firefox
2010-11-10 13:05:47 ----RSD---- C:\Windows\assembly
2010-11-04 20:31:07 ----D---- C:\Windows\system32\drivers
2010-11-04 20:31:07 ----D---- C:\Windows\en-US
2010-11-01 17:27:52 ----D---- C:\TRANSLAT
2010-11-01 17:26:30 ----D---- C:\ProgramData\LangSoft
2010-11-01 16:35:17 ----RD---- C:\Users
2010-11-01 16:18:21 ----D---- C:\ProgramData\tmp
2010-10-31 14:04:28 ----D---- C:\Windows\Downloaded Program Files
2010-10-29 15:23:26 ----D---- C:\ProgramData\hps
2010-10-28 10:35:05 ----SD---- C:\Users\Z\AppData\Roaming\Microsoft
2010-10-27 14:41:14 ----D---- C:\Windows\rescache
2010-10-27 14:21:49 ----D---- C:\Windows\Microsoft.NET
2010-10-27 08:30:39 ----D---- C:\Windows\ehome
2010-10-27 08:29:45 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-02 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-06-11 47360]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ard17s5g;ard17s5g; C:\Windows\system32\drivers\ard17s5g.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2010-06-18 186760]
S2 FlexService;Remote Connections Service; C:\Program Files\RapidBIT\cisvc.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#2 Post by vyosek »

Hello and have a nice day :)

Given that you are using illegal software, I am not surprised that you are a visitor of our forum :?:
However, according to the forum rules (see here and here, point no. 3) we do not deal with illegal software, since illegal programs are usually the source of pests. Moreover, you are also violating copyright and committing a crime, and as such it will not be supported by our forum :!: Keep in mind that you are on a security forum; support for warez (especially of security programs) would be completely against the logic of the forum :!:
So get yourself legal protection for your PC (antivirus + firewall), then paste a new log from RSIT and CKScanner here - see below.

Personally I recommend the Avast + ZoneAlarm combination. You can find an overview of antiviruses HERE and of firewalls HERE.

:arrow: RSIT log - see my signature
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#3 Post by OTAZ »

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\z\desktop\táta\programy\total-uninstall-setup-5.7.0-precracked-zoo.exe
scanner sequence 3.NA.11
----- EOF -----

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#4 Post by vyosek »

So now remove that illegal ESET package, replace it with the free version and post a new RSIT log...

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#5 Post by OTAZ »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Z at 2010-11-25 16:17:14
Microsoft Windows 7 Professional
System drive C: has 166 GB (70%) free of 238 GB
Total RAM: 1006 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:17:25, on 25.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Users\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6773 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-01 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-01 798771]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"WEBTRAN"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
C:\Program Files\Common Files\602phs\pdfSaver.exe [2005-08-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2010-10-01 742776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Z\Desktop\P17535732.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-25 16:13:21 ----D---- C:\Program Files\Google
2010-11-25 16:13:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-11-25 16:13:18 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-11-25 16:13:17 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-11-25 16:13:17 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-11-25 16:13:12 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-11-25 16:12:58 ----A---- C:\Windows\system32\aswBoot.exe
2010-11-25 16:12:56 ----D---- C:\ProgramData\Alwil Software
2010-11-25 16:12:56 ----D---- C:\Program Files\Alwil Software
2010-11-25 12:18:17 ----D---- C:\rsit
2010-11-25 12:18:17 ----D---- C:\Program Files\trend micro
2010-11-25 11:17:21 ----D---- C:\Program Files\DVDFab 8
2010-11-25 11:05:16 ----D---- C:\ProgramData\Martau
2010-11-25 11:05:10 ----D---- C:\Program Files\Total Uninstall 5
2010-11-22 19:05:34 ----D---- C:\Windows\fonts\AdvUninstal
2010-11-22 19:05:29 ----D---- C:\Program Files\Common Files\Innovative Solutions
2010-11-22 19:05:27 ----D---- C:\ProgramData\Innovative Solutions
2010-11-20 19:52:07 ----SHD---- C:\Config.Msi
2010-11-08 22:04:41 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2010-11-08 22:04:40 ----D---- C:\ProgramData\Studio 14
2010-11-08 22:04:40 ----D---- C:\ProgramData\Pinnacle Studio Plus
2010-11-08 22:04:40 ----D---- C:\Program Files\Common Files\Yahoo!
2010-11-04 18:55:08 ----D---- C:\Users\Z\AppData\Roaming\Malwarebytes
2010-11-04 18:55:03 ----N---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-04 18:55:01 ----N---- C:\Windows\system32\drivers\mbam.sys
2010-11-04 18:55:01 ----D---- C:\ProgramData\Malwarebytes
2010-11-04 18:55:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-01 17:01:50 ----A---- C:\LOGFILE.TXT
2010-11-01 16:54:21 ----D---- C:\ProgramData\Dane aplikacji
2010-11-01 16:04:59 ----D---- C:\Program Files\VS Revo Group
2010-11-01 15:41:38 ----D---- C:\Windows\Profiles
2010-11-01 12:03:13 ----D---- C:\Program Files\RapidBIT
2010-10-30 11:39:36 ----D---- C:\Program Files\JoWooD
2010-10-29 13:08:13 ----A---- C:\adorage-protocol.txt
2010-10-29 11:58:00 ----D---- C:\ProgramData\eSellerate
2010-10-29 11:55:12 ----D---- C:\Program Files\Common Files\eSellerate
2010-10-29 11:54:56 ----D---- C:\Program Files\NewBlue
2010-10-27 12:40:22 ----A---- C:\Windows\unvise32.exe
2010-10-27 12:37:43 ----D---- C:\Program Files\Common Files\Pinnacle
2010-10-27 12:36:40 ----D---- C:\ProgramData\Pinnacle Studio Ultimate Collection
2010-10-27 12:28:22 ----D---- C:\Program Files\Pinnacle
2010-10-27 12:19:34 ----D---- C:\ProgramData\Pinnacle
2010-10-27 08:28:31 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-27 08:28:24 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 08:28:24 ----A---- C:\Windows\system32\CPFilters.dll

======List of files/folders modified in the last 1 months======

2010-11-25 16:17:24 ----D---- C:\Windows\Temp
2010-11-25 16:13:29 ----SHD---- C:\Windows\Installer
2010-11-25 16:13:29 ----D---- C:\Windows\Prefetch
2010-11-25 16:13:26 ----D---- C:\Windows\Tasks
2010-11-25 16:13:26 ----D---- C:\Windows\system32\Tasks
2010-11-25 16:13:21 ----RD---- C:\Program Files
2010-11-25 16:13:18 ----D---- C:\Windows\system32\drivers
2010-11-25 16:13:09 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-25 16:12:58 ----D---- C:\Windows\System32
2010-11-25 16:12:58 ----D---- C:\Windows
2010-11-25 16:12:56 ----HD---- C:\ProgramData
2010-11-25 16:12:52 ----SHD---- C:\System Volume Information
2010-11-25 16:07:42 ----D---- C:\Windows\system32\config
2010-11-25 14:41:21 ----A---- C:\Windows\NeroDigital.ini
2010-11-25 12:07:47 ----AD---- C:\ProgramData\TEMP
2010-11-25 10:35:37 ----D---- C:\Users\Z\AppData\Roaming\Vso
2010-11-24 11:21:21 ----D---- C:\Program Files\Internet Explorer
2010-11-24 11:21:19 ----D---- C:\Windows\winsxs
2010-11-24 11:20:37 ----D---- C:\Windows\system32\catroot
2010-11-23 09:40:06 ----D---- C:\Windows\system32\catroot2
2010-11-22 20:01:36 ----D---- C:\Users\Z\AppData\Roaming\BitTorrent
2010-11-22 19:05:34 ----RSD---- C:\Windows\Fonts
2010-11-22 19:05:29 ----D---- C:\Program Files\Common Files
2010-11-22 18:45:59 ----D---- C:\Windows\debug
2010-11-22 18:18:48 ----D---- C:\Windows\system32\wfp
2010-11-22 18:18:45 ----D---- C:\Windows\system32\wbem
2010-11-22 18:17:51 ----D---- C:\Windows\system32\DriverStore
2010-11-22 18:17:51 ----D---- C:\Windows\inf
2010-11-22 18:17:51 ----D---- C:\Users\Z\AppData\Roaming\LangSoft
2010-11-22 18:17:50 ----D---- C:\Windows\AppCompat
2010-11-22 18:17:50 ----D---- C:\Program Files\ICQ7.2
2010-11-22 18:17:50 ----D---- C:\Program Files\BitTorrent
2010-11-22 18:17:44 ----D---- C:\Windows\registration
2010-11-22 16:12:20 ----D---- C:\Windows\tracing
2010-11-20 16:48:25 ----D---- C:\Users\Z\AppData\Roaming\ICQ
2010-11-13 19:13:17 ----D---- C:\Windows\system32\NDF
2010-11-12 11:08:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-12 11:01:42 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-11 17:31:02 ----D---- C:\Users\Z\AppData\Roaming\Tropico 3
2010-11-10 20:02:18 ----D---- C:\Windows\system32\drivers\etc
2010-11-10 20:02:18 ----D---- C:\Program Files\Mozilla Firefox
2010-11-10 13:05:47 ----RSD---- C:\Windows\assembly
2010-11-04 20:31:07 ----D---- C:\Windows\en-US
2010-11-01 17:27:52 ----D---- C:\TRANSLAT
2010-11-01 17:26:30 ----D---- C:\ProgramData\LangSoft
2010-11-01 16:35:17 ----RD---- C:\Users
2010-11-01 16:18:21 ----D---- C:\ProgramData\tmp
2010-10-31 14:04:28 ----D---- C:\Windows\Downloaded Program Files
2010-10-29 15:23:26 ----D---- C:\ProgramData\hps
2010-10-28 10:35:05 ----SD---- C:\Users\Z\AppData\Roaming\Microsoft
2010-10-27 14:41:14 ----D---- C:\Windows\rescache
2010-10-27 14:21:49 ----D---- C:\Windows\Microsoft.NET
2010-10-27 08:30:39 ----D---- C:\Windows\ehome
2010-10-27 08:29:45 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-02 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-06-11 47360]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
R4 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R4 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R4 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 auhmt7zx;auhmt7zx; C:\Windows\system32\drivers\auhmt7zx.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2010-06-18 186760]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 FlexService;Remote Connections Service; C:\Program Files\RapidBIT\cisvc.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------
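The logs in this thread are read by eye. As an added example (my code, not a tool from this thread nor part of RSIT or ComboFix), here is a small Python triage pass that encodes the checks a log reader makes on exactly these line shapes: an O23 service whose binary is flagged "(file missing)", UAC policy values set to 0 under Policies\System, a firewall exception whose name and allowed target disagree or whose name carries a double extension, and a driver or service line with no file date or size. The heuristics and rule names are my own; the sample lines are copied from the RSIT log above and from the ComboFix log later in the thread. A random-looking eight-character driver name is reported only as a weak signal.

```python
import re
from collections import Counter
from typing import Dict, List

Finding = Dict[str, str]

# HijackThis O23 line: 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'
RE_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RE_REGKEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RE_REGVAL = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# RSIT 'S3 svc;desc; path [date size]' and ComboFix 'R2 svc;desc;path [x]' ([x] = file absent)
RE_DRIVER = re.compile(r"^(?P<state>[RS][0-4]) (?P<svc>[^;]+);(?P<desc>[^;]*);\s?(?P<path>.*?)\s\[(?P<meta>[^\]]*)\]$")
# Firewall exception value: '<target>:<scope>:<Enabled|Disabled>:<display name>'
RE_FW_VALUE = re.compile(r"^(?P<target>[A-Za-z]:\\[^:]*):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<display>.*)$")
# A document-looking extension, more text, then a final .exe (photo.JPG-something.exe)
RE_DOUBLE_EXT = re.compile(r"\.(jpe?g|gif|png|bmp|pdf|docx?|txt)[^\\]*\.exe$", re.IGNORECASE)
# Eight lowercase alphanumerics with at least one digit: a weak signal on its own
RE_RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")
# UAC policy values under ...\Policies\System whose zero setting weakens elevation
UAC_WEAK = {
    "EnableLUA": "UAC disabled",
    "ConsentPromptBehaviorAdmin": "admins elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts not on the secure desktop",
}


def _leading_int(value: str):
    """'0' -> 0, '0 (0x0)' -> 0 (ComboFix form), anything else -> None."""
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return one finding per suspicious line; 'rule' names the heuristic that fired."""
    findings: List[Finding] = []
    key = ""  # lowercased registry key that the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RE_REGKEY.match(line)):
            key = m.group("key").lower()
        elif (m := RE_SERVICE.match(line)):
            if m.group("missing"):
                findings.append({"rule": "orphaned_service", "line": line,
                                 "detail": f"{m.group('name')}: registered binary no longer exists"})
        elif (m := RE_DRIVER.match(line)):
            if m.group("meta").strip() in ("", "x"):
                note = "no file date/size recorded"
                if RE_RANDOM_NAME.match(m.group("svc")):
                    note += "; random-looking 8-char name (weak signal)"
                findings.append({"rule": "no_file_metadata", "line": line,
                                 "detail": f"{m.group('svc')} ({m.group('state')}): {note}"})
        elif (m := RE_REGVAL.match(line)):
            name, value = m.group("name"), m.group("value")
            if key.endswith(r"\policies\system") and name in UAC_WEAK:
                if _leading_int(value) == 0:
                    findings.append({"rule": "uac_weakened", "line": line,
                                     "detail": f"{name}=0: {UAC_WEAK[name]}"})
            elif "firewallpolicy" in key and "authorizedapplications" in key:
                fw = RE_FW_VALUE.match(value.strip('"'))
                if fw and fw.group("target").lower() != name.lower():
                    findings.append({"rule": "firewall_exception_mismatch", "line": line,
                                     "detail": f"named for {name} but allows {fw.group('target')}"})
                if RE_DOUBLE_EXT.search(name):
                    findings.append({"rule": "double_extension", "line": line,
                                     "detail": "image-looking filename is an executable"})
                if re.search(r"\\users\\[^\\]+\\(desktop|appdata)\\", name.lower()):
                    findings.append({"rule": "firewall_exception_user_path", "line": line,
                                     "detail": "exception for an executable in a user-writable folder"})
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f["rule"] for f in findings))


# Constructed sample: lines copied from the RSIT and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"PromptOnSecureDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Z\Desktop\P17535732.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
S3 auhmt7zx;auhmt7zx; C:\Windows\system32\drivers\auhmt7zx.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

Run it as a script to print the findings for the embedded sample, or pass a whole saved log to `triage()`. Everything it reports is a lead to verify against the file on disk and the vendor, not a verdict; the same empty `[]` metadata that marks the unknown driver here also appears on the disabled ESET leftovers in the log above.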

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#6 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT POWER TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • Plug all USB keys into the PC (flash drives, external disks etc.)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the license agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and after a possible restart, CF displays a log, or you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who keeps away from fun, take the whip and stick to him, that is not a man, that is an ox."

OTAZ
Guest
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#7 Post by OTAZ »

ComboFix 10-11-25.04 - Z 26.11.2010 11:34:11.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1006.416 [GMT 1:00]
Run from: c:\users\Z\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Z\AppData\Roaming\inst.exe
c:\users\Z\AppData\Roaming\Microsoft\Windows\Recent\DVDFab.url

.
((((((((((((((((((((((((( Files created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 10:39 . 2010-11-26 10:39 -------- d-----w- c:\users\Z\AppData\Local\temp
2010-11-26 10:39 . 2010-11-26 10:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 10:10 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33C01991-A254-4CD4-961D-AC01CE21F815}\mpengine.dll
2010-11-25 15:13 . 2010-11-25 16:18 -------- d-----w- c:\program files\Google
2010-11-25 15:13 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-25 15:13 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-25 15:13 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-25 15:13 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-25 15:13 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 15:12 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 15:12 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-25 15:12 . 2010-11-25 15:12 -------- d-----w- c:\programdata\Alwil Software
2010-11-25 15:12 . 2010-11-25 15:12 -------- d-----w- c:\program files\Alwil Software
2010-11-25 11:18 . 2010-11-25 15:17 -------- d-----w- c:\program files\trend micro
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- C:\rsit
2010-11-25 10:17 . 2010-11-25 10:17 -------- d-----w- c:\program files\DVDFab 8
2010-11-25 10:05 . 2010-11-25 10:05 -------- d-----w- c:\programdata\Martau
2010-11-25 10:05 . 2010-11-25 10:20 -------- d-----w- c:\program files\Total Uninstall 5
2010-11-24 10:20 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 18:05 . 2010-11-22 18:05 -------- d-----w- c:\users\Z\AppData\Local\Innovative Solutions
2010-11-22 18:05 . 2010-11-22 18:05 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-11-22 18:05 . 2010-11-22 19:29 -------- d-----w- c:\programdata\Innovative Solutions
2010-11-22 11:10 . 2010-11-22 11:10 -------- d-----w- c:\users\Z\AppData\Local\Conduit
2010-11-22 11:10 . 2010-11-22 11:10 -------- d-----w- c:\users\Z\AppData\Local\BitTorrentBar
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\programdata\Studio 14
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-06 18:14 . 2010-10-27 06:12 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-11-06 18:14 . 2010-10-27 06:12 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\users\Z\AppData\Roaming\Malwarebytes
2010-11-04 17:55 . 2010-04-29 14:39 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\programdata\Malwarebytes
2010-11-04 17:55 . 2010-04-29 14:39 20952 ------w- c:\windows\system32\drivers\mbam.sys
2010-11-01 15:54 . 2010-11-01 15:54 -------- d-----w- c:\programdata\Dane aplikacji
2010-11-01 15:54 . 2010-11-01 15:54 -------- d-----w- c:\users\Z\AppData\Local\Xenocode
2010-11-01 15:05 . 2010-11-01 15:05 -------- d-----w- c:\users\Z\AppData\Local\VS Revo Group
2010-11-01 15:04 . 2010-11-01 15:04 -------- d-----w- c:\program files\VS Revo Group
2010-11-01 14:41 . 2010-11-01 14:41 -------- d-----w- c:\windows\Profiles
2010-11-01 11:03 . 2010-11-10 19:02 -------- d-----w- c:\program files\RapidBIT
2010-10-30 10:39 . 2010-10-30 10:39 -------- d-----w- c:\program files\JoWooD
2010-10-29 14:09 . 2010-10-29 14:09 -------- d-----w- c:\users\Z\.jenny
2010-10-29 10:58 . 2010-10-29 10:58 -------- d-----w- c:\programdata\eSellerate
2010-10-29 10:55 . 2010-10-29 10:55 -------- d-----w- c:\program files\Common Files\eSellerate
2010-10-29 10:54 . 2010-10-29 10:57 -------- d-----w- c:\program files\NewBlue
2010-10-29 10:00 . 2010-11-08 21:35 58664 ----a-r- c:\users\Z\AppData\Roaming\Microsoft\Installer\{67330878-0617-41A9-A3B0-B5298E89E7BC}\ARPPRODUCTICON.exe
2010-10-28 09:54 . 2010-10-29 07:26 75048 ----a-r- c:\users\Z\AppData\Roaming\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe
2010-10-27 11:40 . 2004-03-29 16:23 90112 ----a-w- c:\windows\unvise32.exe
2010-10-27 11:37 . 2010-10-27 11:37 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-10-27 11:37 . 2010-10-27 12:49 -------- d-----w- c:\users\Z\AppData\Local\Downloaded Installations
2010-10-27 11:37 . 2010-11-14 17:00 -------- d-----w- c:\users\Z\AppData\Local\Pinnacle
2010-10-27 11:36 . 2010-10-27 11:36 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2010-10-27 11:28 . 2010-10-29 11:17 -------- d-----w- c:\program files\Pinnacle
2010-10-27 11:19 . 2010-11-08 21:04 -------- d-----w- c:\programdata\Pinnacle

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-06-10 17:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 13:12 . 2009-01-07 18:24 74330 ----a-w- c:\program files\Uninstall.exe
2010-09-08 04:30 . 2010-10-13 07:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 07:04 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 07:03 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 07:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-02 17:45 . 2010-09-02 17:45 691696 ------w- c:\windows\system32\drivers\sptd.sys
2010-09-01 04:23 . 2010-10-13 07:03 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 07:03 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 07:03 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 07:03 954288 ----a-w- c:\windows\system32\mfc40u.dll
.

(((((((((((((((((((((((((((((((((( Registry launch points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
2005-08-31 14:00 49152 ----a-w- c:\program files\Common Files\602PHS\pdfSaver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-01 07:45 742776 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 15:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-02 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\8sdgetbi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-26 11:42:01
ComboFix-quarantined-files.txt 2010-11-26 10:42

Před spuštěním: Volných bajtů: 173 406 707 712
Po spuštění: Volných bajtů: 172 976 070 656

- - End Of File - - EC6345210E21865C81E9A31AA8A3EC9E

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#8 Post by vyosek »

:arrow: Is Avast working correctly for you? :???:

:arrow: If not, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    
    Folder::
    c:\program files\ICQ6Toolbar
    c:\program files\DAEMON Tools Toolbar
    
    Driver::
    ICQ Service
    
    DDS::
    uStart Page = hxxp://www.daemon-search.com/startpage
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#9 Post by OTAZ »

Avast is working

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#10 Post by vyosek »

OK, then do the step with Combofix and the script

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#11 Post by OTAZ »

ComboFix 10-11-25.05 - Z 26.11.2010 13:06:21.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1006.460 [GMT 1:00]
Spuštěný z: c:\users\Z\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Z\Desktop\CFScript.txt.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-26 do 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 12:11 . 2010-11-26 12:13 -------- d-----w- c:\users\Z\AppData\Local\temp
2010-11-26 10:10 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33C01991-A254-4CD4-961D-AC01CE21F815}\mpengine.dll
2010-11-25 15:13 . 2010-11-25 16:18 -------- d-----w- c:\program files\Google
2010-11-25 15:13 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-25 15:13 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-25 15:13 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-25 15:13 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-25 15:13 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 15:12 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 15:12 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-25 15:12 . 2010-11-25 15:12 -------- d-----w- c:\programdata\Alwil Software
2010-11-25 15:12 . 2010-11-25 15:12 -------- d-----w- c:\program files\Alwil Software
2010-11-25 11:18 . 2010-11-25 15:17 -------- d-----w- c:\program files\trend micro
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- C:\rsit
2010-11-25 10:17 . 2010-11-25 10:17 -------- d-----w- c:\program files\DVDFab 8
2010-11-25 10:05 . 2010-11-25 10:05 -------- d-----w- c:\programdata\Martau
2010-11-25 10:05 . 2010-11-25 10:20 -------- d-----w- c:\program files\Total Uninstall 5
2010-11-24 10:20 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 18:05 . 2010-11-22 18:05 -------- d-----w- c:\users\Z\AppData\Local\Innovative Solutions
2010-11-22 18:05 . 2010-11-22 18:05 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-11-22 18:05 . 2010-11-22 19:29 -------- d-----w- c:\programdata\Innovative Solutions
2010-11-22 11:10 . 2010-11-22 11:10 -------- d-----w- c:\users\Z\AppData\Local\Conduit
2010-11-22 11:10 . 2010-11-22 11:10 -------- d-----w- c:\users\Z\AppData\Local\BitTorrentBar
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\programdata\Studio 14
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2010-11-08 21:04 . 2010-11-08 21:04 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-06 18:14 . 2010-10-27 06:12 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-11-06 18:14 . 2010-10-27 06:12 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\users\Z\AppData\Roaming\Malwarebytes
2010-11-04 17:55 . 2010-04-29 14:39 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 17:55 . 2010-11-04 17:55 -------- d-----w- c:\programdata\Malwarebytes
2010-11-04 17:55 . 2010-04-29 14:39 20952 ------w- c:\windows\system32\drivers\mbam.sys
2010-11-01 15:54 . 2010-11-01 15:54 -------- d-----w- c:\programdata\Dane aplikacji
2010-11-01 15:54 . 2010-11-01 15:54 -------- d-----w- c:\users\Z\AppData\Local\Xenocode
2010-11-01 15:05 . 2010-11-01 15:05 -------- d-----w- c:\users\Z\AppData\Local\VS Revo Group
2010-11-01 15:04 . 2010-11-01 15:04 -------- d-----w- c:\program files\VS Revo Group
2010-11-01 14:41 . 2010-11-01 14:41 -------- d-----w- c:\windows\Profiles
2010-11-01 11:03 . 2010-11-10 19:02 -------- d-----w- c:\program files\RapidBIT
2010-10-30 10:39 . 2010-10-30 10:39 -------- d-----w- c:\program files\JoWooD
2010-10-29 14:09 . 2010-10-29 14:09 -------- d-----w- c:\users\Z\.jenny
2010-10-29 10:58 . 2010-10-29 10:58 -------- d-----w- c:\programdata\eSellerate
2010-10-29 10:55 . 2010-10-29 10:55 -------- d-----w- c:\program files\Common Files\eSellerate
2010-10-29 10:54 . 2010-10-29 10:57 -------- d-----w- c:\program files\NewBlue
2010-10-29 10:00 . 2010-11-08 21:35 58664 ----a-r- c:\users\Z\AppData\Roaming\Microsoft\Installer\{67330878-0617-41A9-A3B0-B5298E89E7BC}\ARPPRODUCTICON.exe
2010-10-28 09:54 . 2010-10-29 07:26 75048 ----a-r- c:\users\Z\AppData\Roaming\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-06-10 17:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 13:12 . 2009-01-07 18:24 74330 ----a-w- c:\program files\Uninstall.exe
2010-09-08 04:30 . 2010-10-13 07:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 07:04 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 07:03 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 07:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-02 17:45 . 2010-09-02 17:45 691696 ------w- c:\windows\system32\drivers\sptd.sys
2010-09-01 04:23 . 2010-10-13 07:03 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 07:03 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 07:03 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 07:03 954288 ----a-w- c:\windows\system32\mfc40u.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
2005-08-31 14:00 49152 ----a-w- c:\program files\Common Files\602PHS\pdfSaver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-01 07:45 742776 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-02 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

.
.
------- Doplňkový sken -------
.
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\8sdgetbi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2956)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\taskhost.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-26 13:15:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-26 12:15
ComboFix2.txt 2010-11-26 10:42

Před spuštěním: Volných bajtů: 173 026 148 352
Po spuštění: Volných bajtů: 172 762 857 472

- - End Of File - - 59E4FFC54DC32E4D8258C170041F514A
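The ComboFix log above shows the UAC policy block with EnableLUA=0 and ConsentPromptBehaviorAdmin=0 (UAC switched off, administrators elevate without any prompt) and two services printed with [x] in place of file details. As an added example, not part of this thread and not ComboFix's or MBAM's own tooling, here is a small Python checker that parses those sections from a ComboFix-style log and lists the points a helper would want to look at before writing a script. The sample log lines are constructed after the post above; the flagging rules, and reading [x] as "no file details", are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a few lines shaped after the ComboFix log posted above
# (the registry autostart block, the UAC policy block and three service lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S1 aswSP;aswSP; [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
DWORD_RE = re.compile(r'^(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')
# ComboFix service line: <start type> <name>;<display name>;<image path> [<date size> or x]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')


def parse_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: raw value text}} for every [HKEY_...] block."""
    reg: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group('name')] = m.group('raw')
    return reg


def run_entries(text: str) -> Dict[str, str]:
    """Value name -> executable path for every ...\\CurrentVersion\\Run block."""
    out: Dict[str, str] = {}
    for key, values in parse_registry(text).items():
        if key.lower().endswith(r'\currentversion\run'):
            for name, raw in values.items():
                m = QUOTED_PATH_RE.match(raw)
                out[name] = m.group('path') if m else raw
    return out


def parse_policies(text: str) -> Dict[str, int]:
    """DWORD values of the ...\\policies\\system key as integers."""
    out: Dict[str, int] = {}
    for key, values in parse_registry(text).items():
        if key.lower().endswith(r'\policies\system'):
            for name, raw in values.items():
                m = DWORD_RE.match(raw)
                if m:
                    out[name] = int(m.group('dec'))
    return out


# Documented meaning of these UAC values: 0 weakens or disables UAC.
# The wording of the findings is this example's own.
UAC_RULES = {
    'EnableLUA': 'UAC is switched off entirely (EnableLUA=0)',
    'ConsentPromptBehaviorAdmin': 'administrators elevate without any prompt (ConsentPromptBehaviorAdmin=0)',
    'PromptOnSecureDesktop': 'elevation prompts do not use the secure desktop (PromptOnSecureDesktop=0)',
}


def audit_uac(policies: Dict[str, int]) -> List[str]:
    return [msg for name, msg in UAC_RULES.items() if policies.get(name) == 0]


def audit_services(text: str) -> List[Tuple[str, str]]:
    """Services for which the log prints [x] instead of file date/size (assumed: no file details)."""
    flagged = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group('meta').strip() == 'x':
            flagged.append((m.group('name'), m.group('path') or '<no path>'))
    return flagged


def audit(text: str) -> List[str]:
    findings = audit_uac(parse_policies(text))
    for name, path in audit_services(text):
        findings.append(f'service {name}: no file details for {path}')
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_LOG):
        print('REVIEW:', f)
```

Run it as a script to print the findings for the sample, or call audit() on the text of a real ComboFix log; parse_registry() gives you the raw autostart entries so the helper can compare them against the Run keys the poster lists.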

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#12 Post by vyosek »

:arrow: I see MBAM is installed - update the database (third tab) and run a complete scan - post the log here before deleting anything so you do not remove something legitimate - or follow the guide in my signature

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#13 Post by OTAZ »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5193

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.11.2010 15:26:50
mbam-log-2010-11-26 (15-26-50).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 237979
Uplynulý čas: 36 minuta(y), 37 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please check

#14 Post by vyosek »

:arrow: Delete everything MBAM found

:arrow: Write how the PC behaves

OTAZ
Visitor
Posts: 108
Registered: 15 Oct 2008 19:07

Re: please check

#15 Post by OTAZ »

Deleted, and the PC seems to run as it should.