Hack webu, následné prenesenie do PC

[Framer]

Dobrý deň, dnes som si zakladal novú stránku na hostingu wz.cz, a po minúte uploadu indexových súborov som si všimol, že môj web náhle zmenil štruktúru webu, a zmenil sa na nejakú "ruskú odpadovú stránku". Poskytovateľovi som už písal, no bojím sa, či sa tento hack webu nemohol v nejakej forme preniesť aj do môjho PC, preto Vás prosím o kontrolu RSIT. P.S.: Z osobných dôvodov nerád používam svoje prihlasovacie meno na verejnosti, preto sa ospravedlňujem, ale prepísal som texty s používateľským menom na "User123", inak som ale log neupravoval. Ďakujem Vám vopred za kontrolu.


Run by User123 at 2010-12-12 16:25:18
Microsoft Windows 7 Ultimate
System drive C: has 360 GB (76%) free of 477 GB
Total RAM: 2039 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:40, on 12. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Microsoft Office 2007\Office12\MSPUB.EXE
C:\Users\User123\Desktop\Programy\PhotoshopPortable\PhotoshopCS4Portable.exe
C:\Users\User123\Desktop\Programy\PhotoshopPortable\App\PhotoshopCS4\Photoshop.exe
C:\Users\User123\Desktop\IM\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\explorer.exe
C:\Users\User123\Desktop\RSIT.exe
C:\Program Files\trend micro\User123.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{680FDEAE-8AB5-4C4B-91A5-6F5921C1972D}: NameServer = 10.50.120.1 195.146.132.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{680FDEAE-8AB5-4C4B-91A5-6F5921C1972D}: NameServer = 10.50.120.1 195.146.132.59
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 6127 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-15 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-10-27 3365176]
"Connectify"=C:\Program Files\Connectify\Connectify.exe [2010-09-28 1338944]

C:\Users\User123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Obrazovková spinka a spúšťač programu OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2010-12-12 16:25:19 ----D---- C:\Program Files\trend micro
2010-12-12 16:25:18 ----D---- C:\rsit
2010-12-11 19:33:33 ----D---- C:\ProgramData\Adobe
2010-12-11 19:33:32 ----D---- C:\Users\User123\AppData\Roaming\Adobe
2010-12-09 19:33:04 ----D---- C:\Users\User123\AppData\Roaming\TeamViewer
2010-12-05 20:55:36 ----D---- C:\Program Files\HTML Help Workshop
2010-12-05 13:34:30 ----D---- C:\Program Files\Install Creator Pro
2010-12-03 15:13:40 ----D---- C:\Program Files\MSXML 4.0
2010-12-01 16:31:32 ----A---- C:\Windows\ntbtlog.txt
2010-12-01 16:03:58 ----D---- C:\Program Files\Connectify
2010-11-30 21:49:26 ----D---- C:\DOSBoxPortable
2010-11-30 18:41:27 ----D---- C:\Program Files\Windows CE 5.0 Emulator
2010-11-27 13:22:02 ----D---- C:\ProgramData\Electronic Arts
2010-11-25 18:13:03 ----D---- C:\Users\User123\AppData\Roaming\Audacity
2010-11-25 18:12:45 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-11-23 18:21:22 ----D---- C:\Users\User123\AppData\Roaming\FireShot
2010-11-20 19:15:43 ----D---- C:\Program Files\Midiocre
2010-11-20 10:05:28 ----D---- C:\Program Files\Microsoft Office 2007
2010-11-16 20:16:16 ----D---- C:\Users\User123\AppData\Roaming\ViGlance
2010-11-16 15:42:02 ----D---- C:\Windows\system32\System32
2010-11-15 18:40:29 ----D---- C:\Users\User123\AppData\Roaming\PC Suite
2010-11-15 18:40:29 ----D---- C:\ProgramData\PC Suite
2010-11-15 18:38:53 ----A---- C:\Windows\system32\drivers\ss_bwhnt.sys
2010-11-15 18:38:53 ----A---- C:\Windows\system32\drivers\ss_bwh.sys
2010-11-15 18:38:53 ----A---- C:\Windows\system32\drivers\ss_bserd.sys
2010-11-15 18:38:52 ----A---- C:\Windows\system32\drivers\ss_bmdm.sys
2010-11-15 18:38:52 ----A---- C:\Windows\system32\drivers\ss_bmdfl.sys
2010-11-15 18:38:52 ----A---- C:\Windows\system32\drivers\ss_bcmnt.sys
2010-11-15 18:38:52 ----A---- C:\Windows\system32\drivers\ss_bcm.sys
2010-11-15 18:38:52 ----A---- C:\Windows\system32\drivers\ss_bbus.sys
2010-11-15 18:38:16 ----D---- C:\Program Files\DIFX
2010-11-15 18:38:15 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-11-15 18:38:10 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-15 18:37:54 ----A---- C:\Windows\system32\FsUsbExService.Exe
2010-11-15 18:37:54 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2010-11-15 18:37:54 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2010-11-15 18:37:34 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-15 18:37:27 ----D---- C:\Users\User123\AppData\Roaming\Samsung
2010-11-15 18:37:25 ----D---- C:\Program Files\MarkAny
2010-11-15 18:37:24 ----D---- C:\ProgramData\Samsung
2010-11-15 18:37:20 ----D---- C:\Program Files\Samsung
2010-11-15 18:37:12 ----D---- C:\Program Files\Common Files\Samsung
2010-11-15 18:35:35 ----D---- C:\ProgramData\Sun
2010-11-15 18:35:34 ----D---- C:\Program Files\Common Files\Java
2010-11-15 18:35:24 ----A---- C:\Windows\system32\javaws.exe
2010-11-15 18:35:24 ----A---- C:\Windows\system32\javaw.exe
2010-11-15 18:35:24 ----A---- C:\Windows\system32\java.exe
2010-11-15 18:35:24 ----A---- C:\Windows\system32\deployJava1.dll
2010-11-15 18:35:13 ----D---- C:\Program Files\Java
2010-11-14 14:41:31 ----D---- C:\Program Files\Common Files\Adobe
2010-11-13 17:47:49 ----D---- C:\Users\User123\AppData\Roaming\Ashampoo
2010-11-13 17:36:52 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-13 15:52:26 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-13 15:51:52 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-11-13 15:51:28 ----D---- C:\Windows\PCHEALTH
2010-11-13 15:51:28 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-11-13 15:49:55 ----D---- C:\Program Files\Microsoft Analysis Services
2010-11-13 15:49:20 ----D---- C:\Program Files\Microsoft Office
2010-11-13 15:49:19 ----D---- C:\ProgramData\Microsoft Help
2010-11-13 15:49:12 ----RHD---- C:\MSOCache
2010-11-13 11:20:17 ----D---- C:\Users\User123\AppData\Roaming\Stardock
2010-11-11 21:13:20 ----D---- C:\Program Files\Oldgames
2010-11-11 16:07:27 ----D---- C:\Users\User123\AppData\Roaming\Adobe-BackupByPhotoshopCS4Portable
2010-11-10 14:48:06 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-06 10:52:05 ----D---- C:\ProgramData\P4G
2010-11-06 10:52:04 ----D---- C:\Program Files\Power4Gear eXtreme
2010-11-06 10:52:04 ----D---- C:\Program Files\P4G
2010-11-06 10:43:37 ----D---- C:\Program Files\ATK Hotkey
2010-11-05 15:45:16 ----D---- C:\Program Files\ATKOSD2
2010-11-05 15:45:12 ----D---- C:\Users\User123\AppData\Roaming\InstallShield
2010-11-05 15:44:41 ----D---- C:\Program Files\Microsoft WSE
2010-11-05 15:44:13 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-11-05 15:35:53 ----D---- C:\Program Files\DAEMON Tools Lite
2010-11-05 14:47:23 ----A---- C:\Windows\system32\TURegOpt.exe
2010-11-05 14:47:20 ----A---- C:\Windows\system32\uxtuneup.dll
2010-11-05 14:47:20 ----A---- C:\Windows\system32\authuitu.dll
2010-11-05 14:47:00 ----D---- C:\Users\User123\AppData\Roaming\TuneUp Software
2010-11-05 14:46:47 ----D---- C:\Program Files\TuneUp Utilities 2011
2010-11-05 14:45:59 ----D---- C:\ProgramData\TuneUp Software
2010-11-05 14:45:26 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-05 13:31:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-05 13:31:26 ----D---- C:\Users\User123\AppData\Roaming\ICQ
2010-11-05 13:26:31 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-11-05 13:25:36 ----D---- C:\Users\User123\AppData\Roaming\DAEMON Tools Lite
2010-11-05 13:23:40 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-11-05 13:21:32 ----D---- C:\ProgramData\ICQ
2010-11-05 13:14:04 ----D---- C:\ProgramData\Adobe-BackupByPhotoshopCS4Portable
2010-11-05 13:13:51 ----D---- C:\Program Files\Common Files\Adobe-BackupByPhotoshopCS4Portable
2010-11-05 13:13:51 ----D---- C:\Program Files\Adobe
2010-11-05 13:08:17 ----D---- C:\Users\User123\AppData\Roaming\WinRAR
2010-11-05 13:07:07 ----D---- C:\Program Files\WinRAR
2010-11-05 12:37:29 ----D---- C:\Program Files\Microsoft.NET
2010-11-05 12:35:27 ----RD---- C:\Napáliť
2010-11-05 11:18:11 ----D---- C:\Windows\system32\appmgmt
2010-11-05 11:00:30 ----D---- C:\Users\User123\AppData\Roaming\skypePM
2010-11-05 10:59:23 ----D---- C:\Users\User123\AppData\Roaming\Skype
2010-11-05 10:59:20 ----D---- C:\ProgramData\Skype
2010-11-05 10:28:29 ----D---- C:\Windows\system32\Wat
2010-11-04 20:49:51 ----D---- C:\Users\User123\AppData\Roaming\Macromedia
2010-11-04 20:46:57 ----D---- C:\Windows\system32\Macromed
2010-11-04 20:20:38 ----D---- C:\Users\User123\AppData\Roaming\Mozilla
2010-11-04 20:19:48 ----D---- C:\Program Files\Mozilla Firefox
2010-11-04 20:09:11 ----D---- C:\Users\User123\AppData\Roaming\ESET
2010-11-04 20:07:42 ----D---- C:\ProgramData\ESET
2010-11-04 20:07:42 ----D---- C:\Program Files\ESET
2010-11-04 20:06:07 ----SHD---- C:\Windows\Installer
2010-11-04 19:00:53 ----D---- C:\Windows\system32\Lang
2010-11-04 19:00:53 ----A---- C:\Windows\system32\TVWizudlg.exe
2010-11-04 19:00:53 ----A---- C:\Windows\system32\igfxtvcx.dll
2010-11-04 19:00:52 ----HD---- C:\Program Files\Intel
2010-11-04 18:56:48 ----A---- C:\Windows\system32\msv1_0.dll
2010-11-04 18:55:11 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-11-04 18:55:11 ----A---- C:\Windows\system32\PresentationHost.exe
2010-11-04 18:55:11 ----A---- C:\Windows\system32\netfxperf.dll
2010-11-04 18:55:11 ----A---- C:\Windows\system32\mscoree.dll
2010-11-04 18:55:11 ----A---- C:\Windows\system32\dfshim.dll
2010-11-04 18:51:22 ----A---- C:\Windows\system32\browserchoice.exe
2010-11-04 18:51:07 ----N---- C:\Windows\system32\MpSigStub.exe
2010-11-04 18:50:16 ----A---- C:\Windows\system32\MRT.exe
2010-11-04 18:50:08 ----D---- C:\Windows\system32\x64
2010-11-04 18:50:08 ----A---- C:\Windows\system32\igxpun.exe
2010-11-04 18:49:38 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-11-04 18:49:38 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-11-04 18:49:31 ----A---- C:\Windows\system32\drivers\ks.sys
2010-11-04 18:48:47 ----A---- C:\Windows\system32\lsasrv.dll
2010-11-04 18:48:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2010-11-04 18:48:46 ----A---- C:\Windows\system32\wmp.dll
2010-11-04 18:48:45 ----A---- C:\Windows\system32\wmploc.DLL
2010-11-04 18:48:43 ----A---- C:\Windows\system32\mshtml.dll
2010-11-04 18:48:42 ----A---- C:\Windows\system32\iertutil.dll
2010-11-04 18:48:42 ----A---- C:\Windows\system32\ieframe.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\wininet.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\urlmon.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\mstime.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\mshtmled.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\msfeedssync.exe
2010-11-04 18:48:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\msfeeds.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\licmgr10.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\jsproxy.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\ieui.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\iepeers.dll
2010-11-04 18:48:41 ----A---- C:\Windows\system32\iedkcs32.dll
2010-11-04 18:48:36 ----A---- C:\Windows\system32\msasn1.dll
2010-11-04 18:48:35 ----A---- C:\Windows\system32\psisdecd.dll
2010-11-04 18:48:35 ----A---- C:\Windows\system32\msdri.dll
2010-11-04 18:48:35 ----A---- C:\Windows\system32\CPFilters.dll
2010-11-04 18:48:34 ----A---- C:\Windows\system32\spoolsv.exe
2010-11-04 18:48:34 ----A---- C:\Windows\system32\schannel.dll
2010-11-04 18:48:33 ----A---- C:\Windows\system32\winlogon.exe
2010-11-04 18:48:33 ----A---- C:\Windows\explorer.exe
2010-11-04 18:48:32 ----A---- C:\Windows\system32\ole32.dll
2010-11-04 18:48:31 ----A---- C:\Windows\system32\tzres.dll
2010-11-04 18:48:30 ----A---- C:\Windows\system32\ir32_32.dll
2010-11-04 18:48:30 ----A---- C:\Windows\system32\iccvid.dll
2010-11-04 18:48:29 ----A---- C:\Windows\system32\t2embed.dll
2010-11-04 18:48:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-11-04 18:48:28 ----A---- C:\Windows\system32\rtutils.dll
2010-11-04 18:48:28 ----A---- C:\Windows\system32\drivers\fvevol.sys
2010-11-04 18:48:27 ----A---- C:\Windows\system32\inetcomm.dll
2010-11-04 18:48:26 ----A---- C:\Windows\system32\ntdll.dll
2010-11-04 18:48:25 ----A---- C:\Windows\system32\shell32.dll
2010-11-04 18:48:24 ----A---- C:\Windows\system32\msxml3.dll
2010-11-04 18:48:22 ----A---- C:\Windows\system32\win32k.sys
2010-11-04 18:48:20 ----A---- C:\Windows\system32\winresume.exe
2010-11-04 18:48:20 ----A---- C:\Windows\system32\winload.exe
2010-11-04 18:48:20 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-11-04 18:48:20 ----A---- C:\Windows\system32\CertEnroll.dll
2010-11-04 18:48:17 ----A---- C:\Windows\system32\mfc40u.dll
2010-11-04 18:48:17 ----A---- C:\Windows\system32\mfc40.dll
2010-11-04 18:48:16 ----A---- C:\Windows\system32\comctl32.dll
2010-11-04 18:48:16 ----A---- C:\Windows\system32\asycfilt.dll
2010-11-04 18:48:15 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-11-04 18:48:14 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-11-04 18:48:14 ----A---- C:\Windows\system32\jscript.dll
2010-11-04 18:48:13 ----A---- C:\Windows\system32\srvsvc.dll
2010-11-04 18:48:13 ----A---- C:\Windows\system32\kernel32.dll
2010-11-04 18:48:13 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-11-04 18:48:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-11-04 18:48:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-11-04 18:48:12 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-11-04 18:48:12 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-11-04 18:48:12 ----A---- C:\Windows\system32\secproc_isv.dll
2010-11-04 18:48:12 ----A---- C:\Windows\system32\secproc.dll
2010-11-04 18:48:12 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-11-04 18:48:12 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-11-04 18:48:12 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-11-04 18:48:12 ----A---- C:\Windows\system32\RMActivate.exe
2010-11-04 18:48:12 ----A---- C:\Windows\system32\apphelp.dll
2010-11-04 18:48:11 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-11-04 18:48:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-11-04 18:48:10 ----A---- C:\Windows\system32\tsbyuv.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\quartz.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\msyuv.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\msvidc32.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\msrle32.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\mciavi32.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\iyuv_32.dll
2010-11-04 18:48:10 ----A---- C:\Windows\system32\avifil32.dll
2010-11-04 18:48:09 ----A---- C:\Windows\system32\wmpmde.dll
2010-11-04 18:46:39 ----A---- C:\Windows\system32\vbscript.dll
2010-11-04 18:46:03 ----A---- C:\Windows\system32\fontsub.dll
2010-11-04 18:46:03 ----A---- C:\Windows\system32\atmlib.dll
2010-11-04 18:46:03 ----A---- C:\Windows\system32\atmfd.dll
2010-11-04 18:45:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-11-04 18:45:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-11-04 18:45:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-11-04 18:43:00 ----A---- C:\Windows\system32\wintrust.dll
2010-11-04 18:42:36 ----A---- C:\Windows\system32\cabview.dll
2010-11-04 18:32:57 ----A---- C:\Windows\system32\DreamScene.dll
2010-11-04 18:11:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-04 18:07:27 ----D---- C:\Users\User123\AppData\Roaming\Identities
2010-11-04 18:07:15 ----SD---- C:\Users\User123\AppData\Roaming\Microsoft
2010-11-04 18:07:15 ----D---- C:\Users\User123\AppData\Roaming\Media Center Programs
2010-11-04 18:07:03 ----SHD---- C:\Recovery
2010-11-04 18:03:13 ----D---- C:\Windows\SoftwareDistribution
2010-11-04 18:00:25 ----D---- C:\Windows\Prefetch
2010-11-04 18:00:05 ----ASH---- C:\pagefile.sys
2010-11-04 18:00:02 ----SHD---- C:\System Volume Information
2010-11-04 18:00:02 ----ASH---- C:\hiberfil.sys
2010-11-04 17:59:16 ----D---- C:\Windows\Panther

======List of files/folders modified in the last 2 months======

2010-12-12 16:25:41 ----D---- C:\Windows\Temp
2010-12-12 16:25:19 ----RD---- C:\Program Files
2010-12-12 15:04:44 ----D---- C:\Windows\system32\config
2010-12-12 14:07:12 ----D---- C:\Windows\tracing
2010-12-11 19:33:33 ----HD---- C:\ProgramData
2010-12-09 18:44:53 ----D---- C:\Windows\System32
2010-12-09 06:22:39 ----D---- C:\Windows\inf
2010-12-05 20:55:38 ----D---- C:\Windows\Help
2010-12-05 20:02:48 ----D---- C:\Windows\system32\NDF
2010-12-03 15:13:58 ----D---- C:\Windows\winsxs
2010-12-03 15:13:56 ----HD---- C:\Windows
2010-12-01 16:08:04 ----D---- C:\Windows\system32\LogFiles
2010-12-01 16:06:05 ----SD---- C:\ProgramData\Microsoft
2010-12-01 16:04:28 ----D---- C:\Windows\system32\drivers
2010-12-01 16:04:26 ----D---- C:\Windows\system32\catroot
2010-12-01 16:04:25 ----D---- C:\Windows\system32\DriverStore
2010-12-01 16:00:49 ----RHD---- C:\Users
2010-11-27 09:25:20 ----HD---- C:\Program Files\Internet Explorer
2010-11-23 17:59:53 ----D---- C:\Windows\system32\wdi
2010-11-21 21:09:08 ----RSD---- C:\Windows\assembly
2010-11-21 21:08:37 ----RSD---- C:\Windows\Fonts
2010-11-21 21:08:33 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-20 20:19:12 ----D---- C:\Windows\system32\Tasks
2010-11-16 16:01:37 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-15 18:38:39 ----D---- C:\Windows\system32\catroot2
2010-11-15 18:37:12 ----HD---- C:\Program Files\Common Files
2010-11-14 16:16:56 ----D---- C:\Windows\Logs
2010-11-13 21:34:24 ----D---- C:\Windows\Microsoft.NET
2010-11-13 15:52:32 ----D---- C:\Windows\system32\wbem
2010-11-13 15:51:52 ----D---- C:\Windows\ShellNew
2010-11-13 15:50:10 ----A---- C:\Windows\win.ini
2010-11-13 15:50:07 ----D---- C:\Program Files\Common Files\System
2010-11-05 14:00:25 ----D---- C:\Windows\Downloaded Program Files
2010-11-05 12:37:33 ----D---- C:\Windows\system32\en-US
2010-11-04 19:54:25 ----D---- C:\Windows\rescache
2010-11-04 18:58:21 ----D---- C:\Windows\system32\migration
2010-11-04 18:58:20 ----HD---- C:\Program Files\Windows Mail
2010-11-04 18:58:20 ----D---- C:\Windows\system32\sk-SK
2010-11-04 18:58:20 ----D---- C:\Windows\system32\Boot
2010-11-04 18:58:20 ----D---- C:\Windows\ehome
2010-11-04 18:58:19 ----HD---- C:\Program Files\Windows Media Player
2010-11-04 18:58:19 ----D---- C:\Windows\AppPatch
2010-11-04 18:50:18 ----D---- C:\Windows\debug
2010-11-04 18:48:54 ----D---- C:\Windows\system32\restore
2010-11-04 18:42:13 ----D---- C:\Windows\system32\drivers\etc
2010-11-04 18:14:46 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-04 18:07:26 ----SHD---- C:\$Recycle.Bin
2010-11-04 18:07:03 ----D---- C:\Windows\system32\Recovery
2010-11-04 18:03:12 ----D---- C:\Windows\system32\sysprep
2010-11-04 18:00:58 ----D---- C:\Windows\CSC
2010-10-25 10:07:48 ----A---- C:\Windows\system32\dgdersvc.exe
2010-10-25 10:07:48 ----A---- C:\Windows\system32\dgderapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-05 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2003-12-18 147192]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-10-25 18120]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-13 1068032]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 aj60r27c;aj60r27c; C:\Windows\system32\drivers\aj60r27c.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-01-20 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-01-20 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-01-20 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [2010-01-20 100224]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 Connectify;Connectify; C:\Program Files\Connectify\Connectifyd.exe [2010-09-28 892992]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2010-10-25 95568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 KiesAllShare;SAMSUNG KiesAllShare Service; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-01-18 9201664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1343400]

-----------------EOF-----------------

[Rudy]

Nic nebezpečného nevidím . Proveďte pro jistotu kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Framer]

Veľmi pekne Vám ďakujem za odpoveď, som rád že sa "háveď" nedostala do počítača. Tu prikladám log z MBAM:

Internet Explorer 8.0.7600.16385

12. 12. 2010 20:54:21
mbam-log-2010-12-12 (20-54-21).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 215568
Uplynutý čas: 31 min, 13 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

[Rudy]

Log je čistý, patrně se do něj nic nepřeneslo. Nebo má vaše PC nějaký problém?