
PC disinfection, computer speed-up, remote help via the neslape.cz service
There is probably malware on the PC
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Lately the PC has been behaving strangely - for example, it keeps throwing the message "Your Internet security settings prevented one or more files from being opened" (in Czech: "Nastavení zabezpečení internetu zabránilo spuštění jednoho nebo více souborů"). I looked in the settings (it's possible I overlooked something - the Windows 7 settings are terribly confusing to me), but the problem shouldn't be there. The same message popped up during the RSIT scan as well. Here is the log I got:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-03-19 14:44:14
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (11%) free of 117 GB
Total RAM: 4096 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:12, on 20.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Windows\nvsvc32.exe
C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe
C:\Users\Public\S-3685-5437-5687\winsrvn.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Marek\Desktop\hijackthis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Marek\AppData\Local\Temp\1680918.exe
C:\Program Files\trend micro\Marek.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [WindowsDriverControl] C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe
O4 - HKCU\..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\winsrvn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6598 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"
C:\Windows\nvsvc32.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
taskeng.exe {45DA2EBC-CBC3-49EA-AF36-9271C8B4937C}
C:\Users\Marek\AppData\Local\Temp\Kwx.exe
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 492 65536 520
"C:\Users\Marek\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2008-12-11 6952480]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-11 1833504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-10-04 58880]
"WindowsDriverControl"=C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe [2010-10-10 225280]
"MSNUpdateServices"=C:\Users\Public\S-3685-5437-5687\msnlive.exe [2010-10-26 196608]
"KOO9RV9K4Z"=C:\Users\Marek\AppData\Local\Temp\Kwx.exe [2010-10-20 237568]
"WinMSDNControl"=C:\Users\Public\D-2785-7947-8747\wincdsvn.exe [2010-10-24 92724]
"ICQ"=C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-01-27 119608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-10-04 58880]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"="C:\Users\Public\S-3685-5437-5687\minsfot.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"="C:\Users\Public\S-3685-5437-5687\msnlive.exe:*:Enabled:MSNUpdateServices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-17 08:54:14 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 19:32:20 ----D---- C:\Program Files (x86)\League of Legends
2011-03-16 19:31:41 ----A---- C:\LeagueofLegends.exe
2011-03-16 19:23:38 ----D---- C:\Program Files\League of Legends
======List of files/folders modified in the last 1 months======
2011-03-19 14:44:16 ----D---- C:\Program Files\trend micro
2011-03-19 14:42:40 ----D---- C:\Windows\system32\Tasks
2011-03-19 14:42:39 ----D---- C:\Windows\Tasks
2011-03-19 14:42:25 ----D---- C:\Windows
2011-03-19 14:36:44 ----D---- C:\Windows\Temp
2011-03-19 13:34:32 ----D---- C:\Program Files (x86)\Steam
2011-03-19 13:31:25 ----D---- C:\Windows\Minidump
2011-03-19 13:31:19 ----SHD---- C:\System Volume Information
2011-03-17 11:11:01 ----D---- C:\Windows\SysWOW64
2011-03-17 08:42:27 ----D---- C:\ProgramData\PMB Files
2011-03-17 08:31:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-03-16 20:18:59 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-03-16 19:32:57 ----RD---- C:\Program Files (x86)
2011-03-16 19:23:47 ----RD---- C:\Program Files
2011-03-16 16:09:47 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-03-15 08:30:11 ----D---- C:\Users\Marek\AppData\Roaming\ICQ
2011-03-13 08:08:27 ----D---- C:\Windows\Prefetch
2011-03-08 17:18:38 ----D---- C:\Program Files (x86)\Warcraft III
2011-03-06 14:37:40 ----D---- C:\Program Files (x86)\ICQ7.4
2011-03-01 19:31:18 ----D---- C:\Windows\System32
2011-03-01 19:31:18 ----D---- C:\Windows\inf
2011-03-01 19:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:42:43 ----D---- C:\Program Files (x86)\The KMPlayer
2011-02-26 07:36:25 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-04 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
S3 a4sxcwyo;a4sxcwyo; C:\Windows\system32\drivers\a4sxcwyo.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-08-31 23080]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-09-01 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-12 841984]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-03 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-12 506624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
-----------------EOF-----------------
MBAM is running right now, and I have already manually removed about 5 files named Kpupae*.exe that were lying in the Windows folder, where * was some letter (a, b, c, ...). According to VT.com they were a virus.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"="C:\Users\Public\S-3685-5437-5687\minsfot.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"="C:\Users\Public\S-3685-5437-5687\msnlive.exe:*:Enabled:MSNUpdateServices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-17 08:54:14 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 19:32:20 ----D---- C:\Program Files (x86)\League of Legends
2011-03-16 19:31:41 ----A---- C:\LeagueofLegends.exe
2011-03-16 19:23:38 ----D---- C:\Program Files\League of Legends
======List of files/folders modified in the last 1 months======
2011-03-19 14:44:16 ----D---- C:\Program Files\trend micro
2011-03-19 14:42:40 ----D---- C:\Windows\system32\Tasks
2011-03-19 14:42:39 ----D---- C:\Windows\Tasks
2011-03-19 14:42:25 ----D---- C:\Windows
2011-03-19 14:36:44 ----D---- C:\Windows\Temp
2011-03-19 13:34:32 ----D---- C:\Program Files (x86)\Steam
2011-03-19 13:31:25 ----D---- C:\Windows\Minidump
2011-03-19 13:31:19 ----SHD---- C:\System Volume Information
2011-03-17 11:11:01 ----D---- C:\Windows\SysWOW64
2011-03-17 08:42:27 ----D---- C:\ProgramData\PMB Files
2011-03-17 08:31:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-03-16 20:18:59 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-03-16 19:32:57 ----RD---- C:\Program Files (x86)
2011-03-16 19:23:47 ----RD---- C:\Program Files
2011-03-16 16:09:47 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-03-15 08:30:11 ----D---- C:\Users\Marek\AppData\Roaming\ICQ
2011-03-13 08:08:27 ----D---- C:\Windows\Prefetch
2011-03-08 17:18:38 ----D---- C:\Program Files (x86)\Warcraft III
2011-03-06 14:37:40 ----D---- C:\Program Files (x86)\ICQ7.4
2011-03-01 19:31:18 ----D---- C:\Windows\System32
2011-03-01 19:31:18 ----D---- C:\Windows\inf
2011-03-01 19:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:42:43 ----D---- C:\Program Files (x86)\The KMPlayer
2011-02-26 07:36:25 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-04 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
S3 a4sxcwyo;a4sxcwyo; C:\Windows\system32\drivers\a4sxcwyo.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-08-31 23080]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-09-01 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-12 841984]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-03 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-12 506624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
-----------------EOF-----------------
MBAM is running at the moment, and I have already manually removed about 5 files named Kpupae*.exe that were sitting in the Windows folder, where * was some letter (a, b, c, ...). According to VT.com they were a virus.
Re: There is probably vermin in the PC
Hello and have a nice day
You have a whole zoo in there, including the old lady at the ticket booth
Let MBAM finish, then post the log here before deleting anything
Re: There is probably vermin in the PC
I only read the message just now, after the deletion. Here is the MBAM log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3688
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
19.3.2011 17:47:42
mbam-log-2011-03-19 (17-47-42).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 690348
Uplynulý čas: 3 hour(s), 58 minute(s), 15 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
I sort of suspected there would be a bit more vermin here. I am going to restart and add a new RSIT log
Re: There is probably vermin in the PC
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
- Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
- Immediately after starting, a page with the license agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
- The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
- After the scan finishes and any restart, CF displays a log; otherwise you can find it at C:\ComboFix.txt, paste its contents here
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: There is probably vermin in the PC
RSIT log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-03-19 17:54:01
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (11%) free of 117 GB
Total RAM: 4096 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:12, on 20.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Windows\nvsvc32.exe
C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe
C:\Users\Public\S-3685-5437-5687\winsrvn.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Marek\Desktop\hijackthis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Marek\AppData\Local\Temp\1680918.exe
C:\Program Files\trend micro\Marek.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [WindowsDriverControl] C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe
O4 - HKCU\..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\winsrvn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6598 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
taskeng.exe {1C4FB0BF-3FA5-4CAB-BA72-36B03A2EC561}
C:\Users\Marek\AppData\Local\Temp\Kwx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
C:\Windows\nvsvc32.exe
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Marek\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
======Scheduled tasks folder======
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2008-12-11 6952480]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-11 1833504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-10-04 58880]
"WindowsDriverControl"=C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe [2010-10-10 225280]
"MSNUpdateServices"=C:\Users\Public\S-3685-5437-5687\msnlive.exe [2010-10-26 196608]
"KOO9RV9K4Z"=C:\Users\Marek\AppData\Local\Temp\Kwx.exe [2010-10-20 237568]
"WinMSDNControl"=C:\Users\Public\D-2785-7947-8747\wincdsvn.exe [2010-10-24 92724]
"ICQ"=C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-01-27 119608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-10-04 58880]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"="C:\Users\Public\S-3685-5437-5687\minsfot.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"="C:\Users\Public\S-3685-5437-5687\msnlive.exe:*:Enabled:MSNUpdateServices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-17 08:54:14 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 19:32:20 ----D---- C:\Program Files (x86)\League of Legends
2011-03-16 19:31:41 ----A---- C:\LeagueofLegends.exe
2011-03-16 19:23:38 ----D---- C:\Program Files\League of Legends
======List of files/folders modified in the last 1 months======
2011-03-19 17:54:05 ----D---- C:\Program Files\trend micro
2011-03-19 17:53:11 ----AH---- C:\Windows\SYSWOW64\winrtsnr.txt
2011-03-19 17:52:57 ----D---- C:\Windows\system32\Tasks
2011-03-19 17:52:56 ----D---- C:\Windows\Tasks
2011-03-19 17:49:43 ----D---- C:\Windows\Temp
2011-03-19 14:42:25 ----D---- C:\Windows
2011-03-19 13:34:32 ----D---- C:\Program Files (x86)\Steam
2011-03-19 13:31:25 ----D---- C:\Windows\Minidump
2011-03-19 13:31:19 ----SHD---- C:\System Volume Information
2011-03-17 11:11:01 ----D---- C:\Windows\SysWOW64
2011-03-17 08:42:27 ----D---- C:\ProgramData\PMB Files
2011-03-17 08:31:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-03-16 20:18:59 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-03-16 19:32:57 ----RD---- C:\Program Files (x86)
2011-03-16 19:23:47 ----RD---- C:\Program Files
2011-03-16 16:09:47 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-03-15 08:30:11 ----D---- C:\Users\Marek\AppData\Roaming\ICQ
2011-03-13 08:08:27 ----D---- C:\Windows\Prefetch
2011-03-08 17:18:38 ----D---- C:\Program Files (x86)\Warcraft III
2011-03-06 14:37:40 ----D---- C:\Program Files (x86)\ICQ7.4
2011-03-01 19:31:18 ----D---- C:\Windows\System32
2011-03-01 19:31:18 ----D---- C:\Windows\inf
2011-03-01 19:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:42:43 ----D---- C:\Program Files (x86)\The KMPlayer
2011-02-26 07:36:25 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-04 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
S3 apz8yix2;apz8yix2; C:\Windows\system32\drivers\apz8yix2.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-08-31 23080]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-09-01 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-12 841984]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-03 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-12 506624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
-----------------EOF-----------------
Off to run CF.
Re: There is probably malware in the PC
Yep, the malware is still there, and not a little of it.

Re: There is probably malware in the PC
I couldn't get ComboFix to run. The whole time I kept getting errors about files from the internet being blocked, and in the end CF threw an error too. See the screenshot:
http://img826.imageshack.us/i/cfchyba.png/
Re: There is probably malware in the PC
CF finished a moment ago, and here is the log:
ComboFix 11-03-18.05 - Marek 19.03.2011 18:13:32.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4096.3052 [GMT 1:00]
Spuštěný z: c:\users\Marek\Desktop\Beruska.com
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\21.exe
C:\23.exe
C:\6164.exe
C:\tn.exe
c:\users\Marek\AppData\Roaming\wimknrncds.txt
c:\users\Marek\AppData\Roaming\win32appli.txt
c:\users\Public\C-76947-8457-2745
c:\users\Public\C-76947-8457-2745\wincdrsvn.exe
c:\users\Public\C-76947-8457-2745\winmsnliv.exe
c:\users\Public\S-3685-5437-5687\msnlive.exe
c:\users\tatka\AppData\Roaming\msnliveq.exe
c:\users\tatka\AppData\Roaming\msnlives.exe
c:\users\tatka\AppData\Roaming\qghumeaylnlfdxfircvs85.exe
c:\users\tatka\AppData\Roaming\wimknrncds.txt
c:\windows\mdlu.dl
c:\windows\nvsvc32.exe
c:\windows\SysWow64\arp.exe
c:\windows\SysWow64\winrtsnr.txt
c:\windows\wintybrd.png
c:\windows\wintybrdf.jpg
c:\windows\system32\arp.exe . . . . nemohl být smazán
c:\windows\system32\slwga.dll . . . . nemohl být smazán
c:\windows\system32\systemcpl.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-19 do 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-19 17:28 . 2011-03-19 17:28 -------- d-----w- c:\users\tatka\AppData\Local\temp
2011-03-19 17:28 . 2011-03-19 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 18:32 . 2011-03-16 18:33 -------- d-----w- c:\program files (x86)\League of Legends
2011-03-16 18:31 . 2011-03-16 18:31 2257408 ----a-w- C:\LeagueofLegends.exe
2011-03-16 18:23 . 2011-03-16 18:23 -------- d-----w- c:\program files\League of Legends
2011-03-01 18:30 . 2011-03-01 18:30 -------- d-----w- c:\users\tatka\AppData\Roaming\U3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 09:34 . 2010-06-25 14:12 2829 ----a-w- c:\windows\War3Unin.pif
2011-01-23 09:34 . 2010-06-25 14:12 139264 ----a-w- c:\windows\War3Unin.exe
2010-03-26 13:04 . 2010-03-26 13:02 108279664 ----a-w- c:\program files (x86)\directx_aug2009_redist.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WinMSDNControl"="c:\users\Public\D-2785-7947-8747\wincdsvn.exe" [2010-10-24 92724]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
.
c:\users\tatka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-11 6952480]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-11 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,48,50,00,67,74,04,49,99,70,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,48,50,00,67,74,04,49,99,70,7f,\
.
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0e,b2,f9,ca,9a,ca,35,7f,34,ea,7d,ab,0f,62,12,87,dd,f9,eb,c9,ec,ae,58,
90,21,ee,bf,9c,a3,a0,9c,6b,4b,2f,41,80,ae,90,a1,9d,92,12,09,e1,c1,42,f2,3c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\ICQ7.4\ICQ.exe
.
**************************************************************************
.
Completion time: 2011-03-19 19:03:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-19 18:03
.
Pre-Run: 16 466 046 976 bytes free
Post-Run: 16 328 441 856 bytes free
.
- - End Of File - - B8E9003B82101B645370B12E8E980F94
Re: The PC probably has malware
RSIT log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-03-19 19:14:16
Microsoft Windows 7 Ultimate
System drive C: has 15 GB (13%) free of 117 GB
Total RAM: 4096 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:26, on 19.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Public\D-2785-7947-8747\wincdsvn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5854 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
"taskhost.exe"
taskeng.exe {1A5BA06B-7B94-4D94-AB75-E6115315EF04}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Marek\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3412280854-2301416076-1472569319-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3412280854-2301416076-1472569319-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2008-12-11 6952480]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-11 1833504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"WinMSDNControl"=C:\Users\Public\D-2785-7947-8747\wincdsvn.exe [2010-10-24 92724]
"ICQ"=C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-03-01 119608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"="C:\Users\Public\S-3685-5437-5687\minsfot.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"="C:\Users\Public\S-3685-5437-5687\msnlive.exe:*:Enabled:MSNUpdateServices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-03-19 19:10:57 ----SHD---- C:\$RECYCLE.BIN
2011-03-19 19:07:11 ----A---- C:\Windows\isRS-000.tmp
2011-03-19 19:03:44 ----D---- C:\Windows\temp
2011-03-19 19:03:38 ----A---- C:\ComboFix.txt
2011-03-19 18:09:59 ----A---- C:\Windows\zip.exe
2011-03-19 18:09:59 ----A---- C:\Windows\SWSC.exe
2011-03-19 18:09:59 ----A---- C:\Windows\SWREG.exe
2011-03-19 18:09:59 ----A---- C:\Windows\sed.exe
2011-03-19 18:09:59 ----A---- C:\Windows\PEV.exe
2011-03-19 18:09:59 ----A---- C:\Windows\NIRCMD.exe
2011-03-19 18:09:59 ----A---- C:\Windows\MBR.exe
2011-03-19 18:09:59 ----A---- C:\Windows\grep.exe
2011-03-19 18:09:52 ----D---- C:\Windows\ERDNT
2011-03-19 18:09:51 ----D---- C:\Beruska
2011-03-19 18:09:32 ----D---- C:\Qoobox
2011-03-19 18:09:14 ----A---- C:\Windows\SWXCACLS.exe
2011-03-19 18:09:13 ----D---- C:\32788R22FWJFW
2011-03-17 08:54:14 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 19:32:20 ----D---- C:\Program Files (x86)\League of Legends
2011-03-16 19:31:41 ----A---- C:\LeagueofLegends.exe
2011-03-16 19:23:38 ----D---- C:\Program Files\League of Legends
======List of files/folders modified in the last 1 months======
2011-03-19 19:14:21 ----D---- C:\Program Files\trend micro
2011-03-19 19:13:44 ----D---- C:\Windows\system32\config
2011-03-19 19:11:54 ----D---- C:\Program Files (x86)\Steam
2011-03-19 19:10:55 ----D---- C:\Windows
2011-03-19 19:09:49 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-19 19:07:09 ----D---- C:\Windows\SYSWOW64\drivers
2011-03-19 19:03:45 ----D---- C:\Windows\system32\drivers
2011-03-19 19:01:13 ----D---- C:\Windows\Tasks
2011-03-19 18:59:46 ----D---- C:\Windows\system32\catroot
2011-03-19 18:59:42 ----D---- C:\Windows\winsxs
2011-03-19 18:59:26 ----D---- C:\Windows\system32\catroot2
2011-03-19 18:56:23 ----A---- C:\Windows\system.ini
2011-03-19 18:54:55 ----D---- C:\Program Files (x86)\ICQ7.4
2011-03-19 18:54:44 ----D---- C:\Windows\system32\drivers\etc
2011-03-19 18:27:43 ----D---- C:\Windows\SysWOW64
2011-03-19 18:20:06 ----D---- C:\Windows\System32
2011-03-19 18:20:06 ----D---- C:\Windows\AppPatch
2011-03-19 18:20:05 ----D---- C:\Program Files\Common Files
2011-03-19 18:20:05 ----D---- C:\Program Files (x86)\Common Files
2011-03-19 17:52:57 ----D---- C:\Windows\system32\Tasks
2011-03-19 13:31:25 ----D---- C:\Windows\Minidump
2011-03-19 13:31:19 ----SHD---- C:\System Volume Information
2011-03-17 08:42:27 ----D---- C:\ProgramData\PMB Files
2011-03-17 08:31:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-03-16 20:18:59 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-03-16 19:32:57 ----RD---- C:\Program Files (x86)
2011-03-16 19:23:47 ----RD---- C:\Program Files
2011-03-16 16:09:47 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-03-15 08:30:11 ----D---- C:\Users\Marek\AppData\Roaming\ICQ
2011-03-13 08:08:27 ----D---- C:\Windows\Prefetch
2011-03-08 17:18:38 ----D---- C:\Program Files (x86)\Warcraft III
2011-03-01 19:31:18 ----D---- C:\Windows\inf
2011-03-01 19:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:42:43 ----D---- C:\Program Files (x86)\The KMPlayer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-04 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
S3 ant0o54r;ant0o54r; C:\Windows\system32\drivers\ant0o54r.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 catchme;catchme; \??\C:\Beruska\catchme.sys []
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-08-31 23080]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-09-01 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-12 841984]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-03 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-12 506624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
-----------------EOF-----------------
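The following is an added triage example and is not part of the post above, nor code from RSIT, HijackThis or ComboFix. It runs three checks over lines of the kind the RSIT log shows: autoruns (O4 / Run entries) launched from a randomly named folder under C:\Users\Public, Windows Firewall "authorizedapplications" entries whose registry value name (the path the exception was created for) differs from the binary the rule actually allows, and UAC policy values that switch elevation prompting off. The sample input is copied from the log above; the regular expressions, the "randomly named folder" pattern and the choice of which policy values count as weak are this example's own assumptions, not anything the tools define.

```python
"""Triage helper for RSIT/HijackThis-style log text.

Added example; not part of the forum post and not code from RSIT, HijackThis
or ComboFix. The heuristics below (folder-name pattern, "user-writable"
locations, weak UAC values) are this example's own assumptions.
"""
import re
from typing import Dict, List

# Sample input: lines copied verbatim from the RSIT log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
'''

# O4 - HKCU\..\Run: [Name] "C:\path\file.exe" args      (quotes are optional)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)"?', re.I)
# "C:\rule\key.exe"="C:\allowed\binary.exe:<scope>:<Enabled|Disabled>:<label>"
FW_RE = re.compile(r'^"(?P<key>[A-Za-z]:\\[^"]+)"="(?P<data>[^"]+)"$')
# "EnableLUA"=0   or the ComboFix spelling   "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')
# Assumed pattern for the folder names seen in the log: <letter>-<digits>-<digits>-<digits>
PUBLIC_RANDOM_RE = re.compile(r'^[a-z]:\\users\\public\\[a-z]-\d+-\d+-\d+\\', re.I)
USER_WRITABLE_RE = re.compile(r'\\(users\\public|appdata)\\', re.I)
# An .exe sitting directly in the Windows root rather than in System32/SysWOW64
WINDOWS_ROOT_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+\.exe$', re.I)

# Policy value -> (value that weakens UAC, explanation). Assumed set for this example.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return a list of findings, each {'kind', 'item', 'reason'}, for the given log text."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RE.match(line)
        if m:
            path = m.group("path")
            if PUBLIC_RANDOM_RE.match(path):
                findings.append({"kind": "autorun", "item": path,
                                 "reason": "autorun from randomly named folder under Users\\Public"})
            elif USER_WRITABLE_RE.search(path):
                findings.append({"kind": "autorun", "item": path,
                                 "reason": "autorun from user-writable location"})
            continue

        m = FW_RE.match(line)
        if m:
            # The allowed path itself contains "C:", so split the data from the right.
            fields = m.group("data").rsplit(":", 3)
            if len(fields) != 4:
                continue
            target, _scope, state, label = fields
            if state != "Enabled":
                continue
            if target.lower() != m.group("key").lower():
                findings.append({"kind": "firewall", "item": target,
                                 "reason": f'exception keyed on {m.group("key")} but allows {target} ("{label}")'})
            if PUBLIC_RANDOM_RE.match(target):
                findings.append({"kind": "firewall", "item": target,
                                 "reason": f'exception "{label}" for binary in randomly named Users\\Public folder'})
            elif WINDOWS_ROOT_RE.match(target):
                findings.append({"kind": "firewall", "item": target,
                                 "reason": f'exception "{label}" for an .exe placed directly in the Windows root'})
            continue

        m = POLICY_RE.match(line)
        if m and m.group("name") in UAC_WEAK:
            weak_value, why = UAC_WEAK[m.group("name")]
            if int(m.group("value")) == weak_value:
                findings.append({"kind": "uac", "item": m.group("name"), "reason": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'[{f["kind"]}] {f["item"]}: {f["reason"]}')
```

Run against the sample it reports the wincdsvn.exe autorun, the three weakened UAC values, the firewall exception created for a file downloaded as "P1753577.JPG-www.facebook.exe" that actually allows C:\Windows\nvsvc32.exe, and the two exceptions for binaries in the C-... and D-... folders under Users\Public. Treat the output as a review list, not a verdict: the pattern matching knows nothing about the binaries themselves.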
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5854 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
"taskhost.exe"
taskeng.exe {1A5BA06B-7B94-4D94-AB75-E6115315EF04}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Marek\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3412280854-2301416076-1472569319-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3412280854-2301416076-1472569319-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2008-12-11 6952480]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-11 1833504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"WinMSDNControl"=C:\Users\Public\D-2785-7947-8747\wincdsvn.exe [2010-10-24 92724]
"ICQ"=C:\Program Files (x86)\ICQ7.4\ICQ.exe [2011-03-01 119608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"="C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"="C:\Users\Public\D-2785-7947-8747\wincdsvn.exe:*:Enabled:WinMSDNControl"
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"="C:\Users\Public\S-3685-5437-5687\minsfot.exe:*:Enabled:MSNUpdateServices"
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"="C:\Users\Public\S-3685-5437-5687\msnlive.exe:*:Enabled:MSNUpdateServices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-03-19 19:10:57 ----SHD---- C:\$RECYCLE.BIN
2011-03-19 19:07:11 ----A---- C:\Windows\isRS-000.tmp
2011-03-19 19:03:44 ----D---- C:\Windows\temp
2011-03-19 19:03:38 ----A---- C:\ComboFix.txt
2011-03-19 18:09:59 ----A---- C:\Windows\zip.exe
2011-03-19 18:09:59 ----A---- C:\Windows\SWSC.exe
2011-03-19 18:09:59 ----A---- C:\Windows\SWREG.exe
2011-03-19 18:09:59 ----A---- C:\Windows\sed.exe
2011-03-19 18:09:59 ----A---- C:\Windows\PEV.exe
2011-03-19 18:09:59 ----A---- C:\Windows\NIRCMD.exe
2011-03-19 18:09:59 ----A---- C:\Windows\MBR.exe
2011-03-19 18:09:59 ----A---- C:\Windows\grep.exe
2011-03-19 18:09:52 ----D---- C:\Windows\ERDNT
2011-03-19 18:09:51 ----D---- C:\Beruska
2011-03-19 18:09:32 ----D---- C:\Qoobox
2011-03-19 18:09:14 ----A---- C:\Windows\SWXCACLS.exe
2011-03-19 18:09:13 ----D---- C:\32788R22FWJFW
2011-03-17 08:54:14 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 19:32:20 ----D---- C:\Program Files (x86)\League of Legends
2011-03-16 19:31:41 ----A---- C:\LeagueofLegends.exe
2011-03-16 19:23:38 ----D---- C:\Program Files\League of Legends
======List of files/folders modified in the last 1 months======
2011-03-19 19:14:21 ----D---- C:\Program Files\trend micro
2011-03-19 19:13:44 ----D---- C:\Windows\system32\config
2011-03-19 19:11:54 ----D---- C:\Program Files (x86)\Steam
2011-03-19 19:10:55 ----D---- C:\Windows
2011-03-19 19:09:49 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-19 19:07:09 ----D---- C:\Windows\SYSWOW64\drivers
2011-03-19 19:03:45 ----D---- C:\Windows\system32\drivers
2011-03-19 19:01:13 ----D---- C:\Windows\Tasks
2011-03-19 18:59:46 ----D---- C:\Windows\system32\catroot
2011-03-19 18:59:42 ----D---- C:\Windows\winsxs
2011-03-19 18:59:26 ----D---- C:\Windows\system32\catroot2
2011-03-19 18:56:23 ----A---- C:\Windows\system.ini
2011-03-19 18:54:55 ----D---- C:\Program Files (x86)\ICQ7.4
2011-03-19 18:54:44 ----D---- C:\Windows\system32\drivers\etc
2011-03-19 18:27:43 ----D---- C:\Windows\SysWOW64
2011-03-19 18:20:06 ----D---- C:\Windows\System32
2011-03-19 18:20:06 ----D---- C:\Windows\AppPatch
2011-03-19 18:20:05 ----D---- C:\Program Files\Common Files
2011-03-19 18:20:05 ----D---- C:\Program Files (x86)\Common Files
2011-03-19 17:52:57 ----D---- C:\Windows\system32\Tasks
2011-03-19 13:31:25 ----D---- C:\Windows\Minidump
2011-03-19 13:31:19 ----SHD---- C:\System Volume Information
2011-03-17 08:42:27 ----D---- C:\ProgramData\PMB Files
2011-03-17 08:31:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-03-16 20:18:59 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-03-16 19:32:57 ----RD---- C:\Program Files (x86)
2011-03-16 19:23:47 ----RD---- C:\Program Files
2011-03-16 16:09:47 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-03-15 08:30:11 ----D---- C:\Users\Marek\AppData\Roaming\ICQ
2011-03-13 08:08:27 ----D---- C:\Windows\Prefetch
2011-03-08 17:18:38 ----D---- C:\Program Files (x86)\Warcraft III
2011-03-01 19:31:18 ----D---- C:\Windows\inf
2011-03-01 19:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:42:43 ----D---- C:\Program Files (x86)\The KMPlayer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-04 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
S3 ant0o54r;ant0o54r; C:\Windows\system32\drivers\ant0o54r.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 catchme;catchme; \??\C:\Beruska\catchme.sys []
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-08-31 23080]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-09-01 66872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-12 841984]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-03 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-12 506624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
-----------------EOF-----------------
Re: There is probably malware on the PC

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"=-
"C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe"=-
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"=-
"C:\Users\Public\D-2785-7947-8747\wincdsvn.exe"=-
"C:\Users\Public\S-3685-5437-5687\minsfot.exe"=-
"C:\Users\Public\S-3685-5437-5687\msnlive.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
"DAEMON Tools Lite"=-
"WinMSDNControl"=-
"ICQ"=-

DDS::
uStart Page = hxxp://start.icq.com/

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Folder::
C:\Users\Public\D-2785-7947-8747
C:\Users\Public\S-3685-5437-5687
C:\Users\Public\C-76947-8457-2745

File::
C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe
c:\windows\system32\arp.exe
c:\windows\system32\slwga.dll
c:\windows\system32\systemcpl.dll
C:\Windows\isRS-000.tmp
C:\Windows\SWXCACLS.exe

DirLook::
C:\32788R22FWJFW

Reboot::
- Save the created TXT file as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and run it (see the image below)
- After the script has been applied (and after a possible restart) a log will appear; paste its contents here
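The helper's script above targets exactly the entries an experienced reader picks out of the RSIT/HijackThis log by eye: autostarts and firewall exceptions pointing into C:\Users\Public\<randomly named folder>, a "photo" download that is really an .exe and that opens the firewall for a different binary (nvsvc32.exe), and UAC switched off in the Policies\System key. The following is an added example, not part of the original post and not a feature of RSIT, HijackThis or ComboFix, that writes those heuristics down as code so they can be run over a log instead of scanned by hand. The sample lines are copied from the log in this thread, except the Hamachi firewall line, which is constructed as a benign control; the folder-name and double-extension patterns are this example's own assumptions and should be tuned per case.

```python
# Added example (not part of the original forum post, and not an RSIT,
# HijackThis or ComboFix feature): the triage heuristics a helper applies
# when reading a log like the one in this thread, written as code.
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" (likely malware) or "medium" (weakened defence)
    reason: str
    item: str


# Locations a standard user can write to; legitimate autostarts and firewall
# exceptions almost never point here (assumption: extend for your environment).
USER_WRITABLE = re.compile(
    r"\\Users\\Public\\|\\AppData\\Local\\Temp\\|temporary_downloads|\\Downloads\\",
    re.IGNORECASE,
)
# Randomly named folders such as C:\Users\Public\D-2785-7947-8747 (pattern seen in this log).
RANDOM_FOLDER = re.compile(r"\\[A-Z]-\d{4,5}-\d{4}-\d{4}\\", re.IGNORECASE)
# "photo.JPG-www.facebook.exe": a document-looking name that is really an .exe.
DOUBLE_EXTENSION = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|txt)[^\\]*\.exe$", re.IGNORECASE)

# HijackThis O4 autostart line:  O4 - HKCU\..\Run: [Name] "C:\path\prog.exe" args
RUN_LINE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] "?([^"]+?\.exe)"?', re.IGNORECASE)
# RSIT dump of the firewall AuthorizedApplications list:
#   "C:\key\path.exe"="C:\program\path.exe:*:Enabled:Label"
FIREWALL_LINE = re.compile(r'^"([^"]+)"="([^"]+?):\*:(Enabled|Disabled):([^"]*)"$', re.IGNORECASE)
# UAC policy values from HKLM\...\Policies\System; 0 means the protection is off.
POLICY_LINE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=(\d+)$')


def check_path(path: str) -> list[str]:
    """Return the reasons an executable path looks suspicious (empty if none)."""
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("binary lives in a user-writable location")
    if RANDOM_FOLDER.search(path):
        reasons.append("randomly named folder")
    if DOUBLE_EXTENSION.search(path):
        reasons.append("double extension disguising an executable")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis/RSIT log text and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_LINE.match(line):
            hive, name, path = m.groups()
            for why in check_path(path):
                findings.append(Finding("high", f"autostart '{name}' ({hive}): {why}", path))
        elif m := FIREWALL_LINE.match(line):
            key_path, prog_path, _state, label = m.groups()
            for why in check_path(key_path):
                findings.append(Finding("high", f"firewall exception '{label}': {why}", key_path))
            if key_path.lower() != prog_path.lower():
                # Registered under one name but opens the firewall for a
                # different program (nvsvc32.exe in this thread's log).
                findings.append(Finding(
                    "high",
                    f"firewall exception '{label}': registered path differs from program {prog_path}",
                    key_path,
                ))
        elif (m := POLICY_LINE.match(line)) and m.group(2) == "0":
            findings.append(Finding("medium", f"UAC weakened: {m.group(1)}=0", r"HKLM\...\Policies\System"))
    return findings


def report(findings: list[Finding]) -> str:
    """Human-readable summary, most severe first (sort is stable, log order kept)."""
    order = {"high": 0, "medium": 1}
    lines = [f"[{f.severity.upper()}] {f.reason}\n    {f.item}"
             for f in sorted(findings, key=lambda f: order[f.severity])]
    return "\n".join(lines)


# Sample input: lines copied from the log in this thread, plus one constructed
# benign Hamachi firewall entry as a control that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe
"C:\Users\Marek\AppData\Local\Opera\Opera\temporary_downloads\P1753577.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\Public\S-3685-5437-5687\winsrvn.exe"="C:\Users\Public\S-3685-5437-5687\winsrvn.exe:*:Enabled:MSNUpdateServices"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe:*:Enabled:Hamachi"
"EnableLUA"=0
"ConsentPromptBehaviorAdmin"=0
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against a full log, this produces the same shortlist the CFScript above removes (the three C:\Users\Public folders, the fake .JPG download and its firewall exception), while Steam and Hamachi pass clean. The path-mismatch check is the one worth keeping even when the location heuristics are tuned away: a firewall exception whose registered name differs from the program it authorises has no legitimate reason to exist.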

Re: There is probably malware on the PC
Hello, could someone take a look at this? Thank you very much..
ComboFix 11-03-19.03 - adamek 20.03.2011 9:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.1790.893 [GMT 1:00]
Running from: c:\users\adamek\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 08:47 . 2011-03-20 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 08:03 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7392886-7E94-41F3-A31E-27C5FB52E2E3}\mpengine.dll
2011-03-16 11:32 . 2011-03-20 08:13 -------- d-----w- c:\users\adamek\AppData\Roaming\Raptr
2011-03-16 11:32 . 2011-03-16 11:33 -------- d-----w- c:\program files\Raptr
2011-03-16 11:30 . 2011-03-18 21:34 -------- d-----w- c:\users\adamek\AppData\Roaming\Azureus
2011-03-16 11:30 . 2011-03-16 11:30 -------- d-----w- c:\program files\Vuze
2011-03-16 11:29 . 2011-03-16 11:29 -------- d-----w- c:\program files\ConduitEngine
2011-03-09 08:12 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:12 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:12 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:12 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:12 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:12 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 13:29 . 2011-03-04 13:29 -------- d-----w- c:\program files\CCleaner
2011-02-27 02:01 . 2011-02-27 02:01 -------- d-----w- c:\program files\MSXML 4.0
2011-02-26 10:19 . 2010-07-04 18:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-02-26 10:19 . 2010-06-14 08:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-02-26 10:19 . 2010-06-14 08:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-02-26 10:18 . 2011-02-26 10:18 -------- d-----w- c:\users\adamek\AppData\Roaming\Samsung
2011-02-26 10:17 . 2011-02-26 10:17 -------- d-----w- c:\program files\MarkAny
2011-02-26 10:10 . 2011-02-26 10:10 -------- d-----w- c:\users\adamek\AppData\Local\Downloaded Installations
2011-02-26 09:53 . 2011-02-26 09:53 -------- d-----w- c:\users\adamek\{02f8a850-c82a-44d8-8e8e-20a0232b0d45}
2011-02-26 09:43 . 2011-02-26 09:50 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-02-26 09:42 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-26 09:42 . 2011-02-26 10:15 -------- d-----w- c:\program files\Samsung
2011-02-26 09:32 . 2011-02-26 09:32 -------- d-----w- c:\programdata\Installations
2011-02-24 02:00 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-24 02:00 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-24 02:00 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-24 02:00 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-24 02:00 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 02:00 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-22 02:01 . 2011-02-22 02:01 -------- d-----w- c:\program files\Microsoft.NET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 08:50 . 2010-12-22 20:33 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 16:11 . 2010-12-24 09:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 08:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 08:25 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 08:26 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 06:25 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-23 22:32 . 2010-12-23 22:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 19:49 . 2010-12-22 19:49 47672 ----a-w- c:\windows\AsScrProlog.exe
2010-12-22 19:49 . 2010-12-22 19:49 4814371 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2010-12-22 19:49 . 2010-12-22 19:49 281144 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2010-12-22 19:49 . 2010-12-22 19:49 520192 ----a-w- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2010-12-22 19:25 . 2010-12-22 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-20 15:40 . 2011-02-10 08:25 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37 . 2011-02-10 08:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12 . 2011-02-10 08:25 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51 . 2011-02-10 08:25 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-06 187672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-06 1961240]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-03-15 53160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-12-22 47672]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload\Patch\AsProcOb.sys [x]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 22:26]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 22:26]
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{2DE3358E-C368-462D-8991-54290080C410}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\users\adamek\AppData\Roaming\Mozilla\Firefox\Profiles\cp3ktule.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 09:52
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000000B2C5C09BE3877B73B 524288 bytes
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2011-03-20 09:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 08:56
.
Pre-Run: 137,970,634,752 bytes free
Post-Run: 137,458,876,416 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - AB774549A5948404E41473693E4C3DEC
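The log above is long, and the entries a helper actually acts on are a small subset of it: the URLSearchHook, Browser Helper Objects and toolbar entries pointing at Vuze_Remote, ConduitEngine and Ask.com, the Firefox default search URL pointing at search.conduit.com, the "DisableMonitoring" values under the Security Center key, and any Run value that is a bare file name rather than a full path. The following Python script is an added example written for this page (it is not part of the original post and not ComboFix code): it walks the "Reg Loading Points" and "Supplementary Scan" parts of a log and pulls those entries out. The category names, the adware vendor list and the sample input are the editor's own assumptions; the sample lines are copied from the log above, with the AV status lines taken from the log header.

```python
"""Triage of a ComboFix log: pull out what a forum helper checks first.

Added example, not part of the original post and not ComboFix code.
Category names, the adware vendor list and the sample lines below are the
editor's assumptions (the sample lines are copied from the log above)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Toolbar/BHO vendors that helpers routinely classify as adware (PUP).
# Seznam.cz is a legitimate Czech portal toolbar and is deliberately absent.
ADWARE_MARKERS = ("conduit", "ask.com", "mywebsearch", "funwebproducts", "vuze_remote")

# Registry locations that register browser add-ons, autostarts and
# the Security Center monitoring switches (matched case-insensitively).
ADDON_KEY_MARKERS = ("urlsearchhooks", "browser helper objects", "internet explorer\\toolbar")
RUN_KEY_MARKER = "\\currentversion\\run"
SECCENTER_KEY_MARKER = "security center\\monitoring"

PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+?\.(?:dll|exe|scr|sys))', re.IGNORECASE)
AV_LINE_RE = re.compile(r'^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*')
SEARCH_PREF_RE = re.compile(r'^FF - prefs\.js: (browser\.search\.\S+) - (\S+)')


@dataclass(frozen=True)
class Finding:
    category: str   # av_state | browser_addon | search_hijack | security_center | run_unqualified
    location: str   # registry key or log header the line belongs to
    detail: str     # path, URL, product or value name that triggered it


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; '[key]' lines set the context for the value lines below them."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        key_lc = current_key.lower()

        m = AV_LINE_RE.match(line)
        if m:                                    # AV/SP/FW status line from the log header
            kind, product, state, _updated = m.groups()
            if state.lower() == "disabled":
                findings.append(Finding("av_state", f"{kind} header", product))
            continue

        m = SEARCH_PREF_RE.match(line)
        if m:                                    # Firefox search prefs from the supplementary scan
            pref, url = m.groups()
            if any(v in url.lower() for v in ADWARE_MARKERS):
                findings.append(Finding("search_hijack", pref, url))
            continue

        if SECCENTER_KEY_MARKER in key_lc:       # Security Center told not to monitor AV/firewall
            if '"disablemonitoring"=dword:00000001' in line.lower():
                findings.append(Finding("security_center", current_key, "DisableMonitoring=1"))
            continue

        if any(k in key_lc for k in ADDON_KEY_MARKERS):
            pm = PATH_RE.search(line)
            if pm and any(v in pm.group(1).lower() for v in ADWARE_MARKERS):
                findings.append(Finding("browser_addon", current_key, pm.group(1)))
            continue

        if RUN_KEY_MARKER in key_lc and PATH_RE.search(line) is None:
            # Bare file name: Windows resolves it through the search path, so the
            # file that really runs has to be located and checked by hand.
            findings.append(Finding("run_unqualified", current_key, line.split("=", 1)[0].strip('"')))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'browser_addon': 4, ...}."""
    return dict(Counter(f.category for f in findings))


# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-06 187672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:16} {f.location}\n{'':16} -> {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Two caveats on reading the output. A "run_unqualified" hit is a verification task, not a verdict: RtHDVCpl.exe is Realtek's audio control panel on most laptops, but because the value carries no directory the script cannot tell which file the loader will find first. Likewise the "DisableMonitoring" values under SymantecAntiVirus and SymantecFirewall are commonly left behind by an incomplete Norton uninstall; they matter here because the parent key also has monitoring disabled, so Security Center would not report the avast! status that the header shows as Disabled. Service entries printed with "[x]" and no path (aswSP, aswFsBlk in the log above) are avast!'s own drivers and are not handled by this script.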
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.1790.893 [GMT 1:00]
Spuštěný z: c:\users\adamek\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-20 do 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 08:47 . 2011-03-20 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 08:03 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7392886-7E94-41F3-A31E-27C5FB52E2E3}\mpengine.dll
2011-03-16 11:32 . 2011-03-20 08:13 -------- d-----w- c:\users\adamek\AppData\Roaming\Raptr
2011-03-16 11:32 . 2011-03-16 11:33 -------- d-----w- c:\program files\Raptr
2011-03-16 11:30 . 2011-03-18 21:34 -------- d-----w- c:\users\adamek\AppData\Roaming\Azureus
2011-03-16 11:30 . 2011-03-16 11:30 -------- d-----w- c:\program files\Vuze
2011-03-16 11:29 . 2011-03-16 11:29 -------- d-----w- c:\program files\ConduitEngine
2011-03-09 08:12 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:12 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:12 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:12 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:12 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:12 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 13:29 . 2011-03-04 13:29 -------- d-----w- c:\program files\CCleaner
2011-02-27 02:01 . 2011-02-27 02:01 -------- d-----w- c:\program files\MSXML 4.0
2011-02-26 10:19 . 2010-07-04 18:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-02-26 10:19 . 2010-06-14 08:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-02-26 10:19 . 2010-06-14 08:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-02-26 10:18 . 2011-02-26 10:18 -------- d-----w- c:\users\adamek\AppData\Roaming\Samsung
2011-02-26 10:17 . 2011-02-26 10:17 -------- d-----w- c:\program files\MarkAny
2011-02-26 10:10 . 2011-02-26 10:10 -------- d-----w- c:\users\adamek\AppData\Local\Downloaded Installations
2011-02-26 09:53 . 2011-02-26 09:53 -------- d-----w- c:\users\adamek\{02f8a850-c82a-44d8-8e8e-20a0232b0d45}
2011-02-26 09:43 . 2011-02-26 09:50 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-02-26 09:42 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-26 09:42 . 2011-02-26 10:15 -------- d-----w- c:\program files\Samsung
2011-02-26 09:32 . 2011-02-26 09:32 -------- d-----w- c:\programdata\Installations
2011-02-24 02:00 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-24 02:00 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-24 02:00 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-24 02:00 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-24 02:00 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 02:00 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-22 02:01 . 2011-02-22 02:01 -------- d-----w- c:\program files\Microsoft.NET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 08:50 . 2010-12-22 20:33 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 16:11 . 2010-12-24 09:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 08:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 08:25 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 08:26 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 06:25 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-23 22:32 . 2010-12-23 22:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 19:49 . 2010-12-22 19:49 47672 ----a-w- c:\windows\AsScrProlog.exe
2010-12-22 19:49 . 2010-12-22 19:49 4814371 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2010-12-22 19:49 . 2010-12-22 19:49 281144 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2010-12-22 19:49 . 2010-12-22 19:49 520192 ----a-w- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2010-12-22 19:25 . 2010-12-22 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-20 15:40 . 2011-02-10 08:25 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37 . 2011-02-10 08:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12 . 2011-02-10 08:25 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51 . 2011-02-10 08:25 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-06 187672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-06 1961240]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-03-15 53160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-12-22 47672]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload\Patch\AsProcOb.sys [x]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 22:26]
.
2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 22:26]
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{2DE3358E-C368-462D-8991-54290080C410}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\users\adamek\AppData\Roaming\Mozilla\Firefox\Profiles\cp3ktule.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 09:52
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\TMP0000000B2C5C09BE3877B73B 524288 bytes
C:\ADSM_PData_0150
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2011-03-20 09:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 08:56
.
Pre-Run: 137 970 634 752 bytes free
Post-Run: 137 458 876 416 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - AB774549A5948404E41473693E4C3DEC
Re: There is probably malware in the PC
Hello brasel, and have a nice day
Please read the forum rules and the important information, which you have not done
Open a new topic of your own for your problem; here each user has their own topic for their own problem, so that things do not get mixed up
Thank you
Re: There is probably malware in the PC
So here is the ComboFix log
ComboFix 11-03-18.05 - Marek 20.03.2011 10:00:29.2.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4096.2916 [GMT 1:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
Command switches used :: c:\users\Marek\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\arp.exe . . . . could not be deleted
c:\windows\system32\slwga.dll . . . . could not be deleted
c:\windows\system32\systemcpl.dll . . . . could not be deleted
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 09:16 . 2011-03-20 09:16 -------- d-----w- c:\users\tatka\AppData\Local\temp
2011-03-20 09:16 . 2011-03-20 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-19 17:09 . 2011-03-19 18:03 -------- d-----w- C:\Beruska
2011-03-16 18:32 . 2011-03-16 18:33 -------- d-----w- c:\program files (x86)\League of Legends
2011-03-16 18:31 . 2011-03-16 18:31 2257408 ----a-w- C:\LeagueofLegends.exe
2011-03-16 18:23 . 2011-03-16 18:23 -------- d-----w- c:\program files\League of Legends
2011-03-01 18:30 . 2011-03-01 18:30 -------- d-----w- c:\users\tatka\AppData\Roaming\U3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 09:34 . 2010-06-25 14:12 2829 ----a-w- c:\windows\War3Unin.pif
2011-01-23 09:34 . 2010-06-25 14:12 139264 ----a-w- c:\windows\War3Unin.exe
2010-03-26 13:04 . 2010-03-26 13:02 108279664 ----a-w- c:\program files (x86)\directx_aug2009_redist.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-19_17.56.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-01 15:28 . 2011-03-19 18:24 76898 c:\windows\system32\perfc014.dat
+ 2009-09-01 14:06 . 2011-03-19 18:24 81950 c:\windows\system32\perfc00B.dat
+ 2009-09-01 15:13 . 2011-03-19 18:24 89238 c:\windows\system32\perfc008.dat
+ 2009-09-01 18:02 . 2011-03-19 18:24 79606 c:\windows\system32\perfc006.dat
+ 2009-09-01 14:37 . 2011-03-19 18:24 78786 c:\windows\system32\perfc001.dat
+ 2009-09-13 07:35 . 2010-04-29 14:39 24664 c:\windows\system32\drivers\mbam.sys
+ 2009-09-01 00:17 . 2011-03-20 10:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-01 00:17 . 2011-03-19 17:31 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-01 00:17 . 2011-03-20 10:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-01 00:17 . 2011-03-19 17:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-20 10:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-19 17:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-19 18:36 . 2011-03-19 18:36 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\2c59f0cccb124a534f867869f9d9f1d8\System.Windows.Presentation.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\65cf5e7a11fdde4415253d606b9f3520\System.Web.ApplicationServices.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 97280 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5e487d84301e732cd6f67fcef67f7638\System.AddIn.Contract.ni.dll
+ 2011-03-19 18:29 . 2011-03-19 18:29 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\4c681378c4b57eef9814b4533ed2287d\Microsoft.VisualC.ni.dll
+ 2011-03-19 18:27 . 2011-03-19 18:27 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\0686f5bdd6de1d31f5998b8b0cd181ed\dfsvc.ni.exe
+ 2011-03-19 18:27 . 2011-03-19 18:27 57856 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\3c4a3570a3fa74e0d8b379fe5711b712\Accessibility.ni.dll
+ 2009-09-01 17:48 . 2011-03-19 18:24 679144 c:\windows\system32\prfh0816.dat
+ 2009-09-01 17:07 . 2011-03-19 18:24 363466 c:\windows\system32\prfh0804.dat
+ 2009-09-01 15:05 . 2011-03-19 18:24 663606 c:\windows\system32\prfh0416.dat
+ 2009-09-01 17:48 . 2011-03-19 18:24 133554 c:\windows\system32\prfc0816.dat
+ 2009-09-01 17:07 . 2011-03-19 18:24 104926 c:\windows\system32\prfc0804.dat
+ 2009-09-01 15:05 . 2011-03-19 18:24 127896 c:\windows\system32\prfc0416.dat
+ 2009-09-01 18:46 . 2011-03-19 18:24 610004 c:\windows\system32\perfh01F.dat
+ 2009-09-01 16:36 . 2011-03-19 18:24 617370 c:\windows\system32\perfh01D.dat
+ 2009-09-01 15:58 . 2011-03-19 18:24 675760 c:\windows\system32\perfh019.dat
+ 2009-09-01 14:51 . 2011-03-19 18:24 689528 c:\windows\system32\perfh015.dat
+ 2009-09-01 15:28 . 2011-03-19 18:24 448388 c:\windows\system32\perfh014.dat
+ 2009-09-01 16:51 . 2011-03-19 18:24 690994 c:\windows\system32\perfh013.dat
+ 2009-09-01 18:15 . 2011-03-19 18:24 399538 c:\windows\system32\perfh012.dat
+ 2009-09-01 15:38 . 2011-03-19 18:24 388320 c:\windows\system32\perfh011.dat
+ 2009-09-01 15:47 . 2011-03-19 18:24 688910 c:\windows\system32\perfh010.dat
+ 2009-09-01 14:29 . 2011-03-19 18:24 631982 c:\windows\system32\perfh00E.dat
+ 2009-09-01 14:37 . 2011-03-19 18:24 694232 c:\windows\system32\perfh00C.dat
+ 2009-09-01 14:06 . 2011-03-19 18:24 433190 c:\windows\system32\perfh00B.dat
+ 2009-07-14 02:36 . 2011-03-19 18:24 615810 c:\windows\system32\perfh009.dat
+ 2009-09-01 15:13 . 2011-03-19 18:24 551572 c:\windows\system32\perfh008.dat
+ 2009-09-01 16:24 . 2011-03-19 18:24 643638 c:\windows\system32\perfh007.dat
+ 2009-09-01 18:02 . 2011-03-19 18:24 461974 c:\windows\system32\perfh006.dat
+ 2009-07-14 15:18 . 2011-03-19 18:24 631054 c:\windows\system32\perfh005.dat
+ 2009-09-01 14:37 . 2011-03-19 18:24 434288 c:\windows\system32\perfh001.dat
+ 2009-09-01 18:46 . 2011-03-19 18:24 121328 c:\windows\system32\perfc01F.dat
+ 2009-09-01 16:36 . 2011-03-19 18:24 123542 c:\windows\system32\perfc01D.dat
+ 2009-09-01 15:58 . 2011-03-19 18:24 132318 c:\windows\system32\perfc019.dat
+ 2009-09-01 14:51 . 2011-03-19 18:24 134642 c:\windows\system32\perfc015.dat
+ 2009-09-01 16:51 . 2011-03-19 18:24 132742 c:\windows\system32\perfc013.dat
+ 2009-09-01 18:15 . 2011-03-19 18:24 104478 c:\windows\system32\perfc012.dat
+ 2009-09-01 15:38 . 2011-03-19 18:24 106190 c:\windows\system32\perfc011.dat
+ 2009-09-01 15:47 . 2011-03-19 18:24 126946 c:\windows\system32\perfc010.dat
+ 2009-09-01 14:29 . 2011-03-19 18:24 148112 c:\windows\system32\perfc00E.dat
+ 2009-09-01 14:37 . 2011-03-19 18:24 129942 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2011-03-19 18:24 106190 c:\windows\system32\perfc009.dat
+ 2009-09-01 16:24 . 2011-03-19 18:24 129342 c:\windows\system32\perfc007.dat
+ 2009-07-14 15:18 . 2011-03-19 18:24 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 04:45 . 2010-08-13 12:10 284568 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-03-20 08:55 284568 c:\windows\system32\FNTCACHE.DAT
+ 2011-03-19 18:36 . 2011-03-19 18:36 314368 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\5178ccd7b3d99767e2c3d8196b1291b0\WindowsFormsIntegration.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\4620b40bef5e4c7d2581bb512ef2a1cc\UIAutomationTypes.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 121344 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\7b17cf871afa765d0c3b0565351a00e6\UIAutomationProvider.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 637952 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\bcc4801fa80621913928a055b839a447\UIAutomationClient.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 523264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\8d1ad83293acbb09867764074a3b7c91\System.Xml.Linq.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 251904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\d40cca98159dcb0bed05eb11644581aa\System.Windows.Input.Manipulations.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 900096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\b9639000d848065d5937a98d9d37c236\System.Transactions.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 275456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\c869c8e2730ad09a338aa41580c1ead6\System.ServiceProcess.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 504832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\fddb0a5adf28097fc166120fe67d0cab\System.ServiceModel.Routing.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\622c8c5fea5901983f2c635ff777409d\System.ServiceModel.Channels.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 928768 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\9098bc59fa0fae5aa24e2fbb2087fd0f\System.Security.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 374272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\add70e8e669f6613e1e9f5e537a79af6\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 976896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\6c0245c1267354f94a5c42dad13e1883\System.Runtime.Remoting.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\29ceb21ecb5ed7ac052fc8c97b4f3420\System.Numerics.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 904704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\be5929383f79c683d07e77ed71ee7f36\System.Net.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 767488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\6588c7f3f652f6ab162efc8c758dd77a\System.Messaging.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 509952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\2e71f654649aa9301e7e6f9ad16867f4\System.Management.Instrumentation.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 520192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0975f952a77c4626b088cb0227a0219f\System.IO.Log.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 288256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\a65974ade4a47bac689a0fc9cc2434dd\System.IdentityModel.Selectors.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 338944 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\933f119167eec93aa5b7e1bcf60680a4\System.EnterpriseServices.Wrapper.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 489984 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\63c053381739d8a3cd0864b80be6a268\System.Dynamic.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 623104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\2431986836d5837e1cd8dd2efffe5d9e\System.DirectoryServices.Protocols.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\8e3bffae30225a91017f89a603037c58\System.Device.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 175104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\9cdeabaa1f485116ab1e70ac8c0ee546\System.Data.DataSetExtensions.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 179712 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\2a420f35999e9f99a13ed05a4d0d5cf2\System.Configuration.Install.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 252416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\35a0282e471b22edc2a8428c9c48193b\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 997888 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\1ae364f72241a6791cc5ad736295860a\System.ComponentModel.Composition.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 827392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a10ec28b65db2a464f37365bc840ba53\System.AddIn.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 537600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\bbd1960b38dcb733172b5e69989d7ae8\System.Activities.DurableInstancing.ni.dll
+ 2011-03-19 18:27 . 2011-03-19 18:27 424960 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\d20799ac98338d32319cf18637d0aae6\SMSvcHost.ni.exe
+ 2011-03-19 18:33 . 2011-03-19 18:33 182272 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\5f1db18f351bd91a2280f09e03c28e1f\SMDiagnostics.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 745472 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e7952b2f1176fa062fe2e08050d04b81\PresentationFramework.Luna.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 330240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dd83a1f508f9a53939fc088c40bb4281\PresentationFramework.Classic.ni.dll
+ 2011-03-19 18:31 . 2011-03-19 18:31 553984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\da86ba9879882d14819e308e7da96cd2\PresentationFramework.Aero.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 387072 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\0fd7de19ad1551bc4730ae19fa852729\PresentationFramework.Royale.ni.dll
+ 2011-03-19 18:29 . 2011-03-19 18:29 287232 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f3e7c22928a6a7c3d6472f7050864198\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 595456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\81a901abacef7787ea138bd80f9f74ea\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-03-19 18:27 . 2011-03-19 18:27 276992 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\e95333f11e18e341aaca3b5f59ce3da4\CustomMarshalers.ni.dll
+ 2011-03-19 18:29 . 2011-03-19 18:29 5060608 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e39e7f1c810b0cc889f09d248759873c\WindowsBase.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 1424896 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d8d589f7f5c84b244406fe9f1fe9763d\UIAutomationClientsideProviders.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 6972928 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\30345935ad8db399dd405d9eaed95ece\System.Xml.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 2406400 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\9d719e9b660661a18a369306bcc84a99\System.Xaml.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 5587456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\7d29c43838a95ed62f9bafad0c878074\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 2220032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\474b29b38d4cd5ee30b4e3c940cf31cc\System.Web.Services.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 2653696 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\8a0ceb1e14f9b3d0ae6734d89b57ee6a\System.Speech.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 1885184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\78a73a319d056b417bd058311039b4a6\System.ServiceModel.Activities.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 1547776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\1bda74a2345f4e5e00c2d4e802940164\System.ServiceModel.Discovery.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 3375616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\e318c97243c209ad6801770de04ba29b\System.Runtime.Serialization.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 1327616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\5c9555a9e8ec61d16f4dee679e4cc288\System.Runtime.DurableInstancing.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 1396224 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\969916b697e88c13666b0895333a906f\System.Printing.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 1438720 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\976855f9e4fdd7a7489eceaca12b756c\System.Management.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 1401856 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\90dca1f71595594a472960926a108ede\System.IdentityModel.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 1051136 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\933f119167eec93aa5b7e1bcf60680a4\System.EnterpriseServices.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 2248192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\32ecd0d78b53adfc9a92d9694302cfe3\System.Drawing.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 1193472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\4d0958d0f68bf260d3a393b045ec049e\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 1587200 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1e2b16c3106cb7c96ef520fe3135f5d0\System.DirectoryServices.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 2353152 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\219efea4217ca24a5bb5288cc91f7650\System.Deployment.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 8485376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\e9e70b6a7652bad9c2234e3dfd4d7d7a\System.Data.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 3323392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\4b3f9d0e1dbd037a12fbd1cbb2e5069a\System.Data.SqlXml.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 1750016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\bac3be67a09ef8e123f473fe23a6d25d\System.Data.Services.Client.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 3320832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\4b474d2a6ad855baeb55f3345a08751b\System.Data.Linq.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 1247232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\35612719b7e85cf31412570cb149452d\System.Configuration.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 5633536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\a0c954755dcf79c9fc3d1852ac22e39b\System.Activities.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 4817408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\6ac7211df8e29b0eea70a47337db910b\System.Activities.Presentation.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 1948160 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\00d2da93739f0be14d8d5b2078d21616\System.Activities.Core.Presentation.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 3910656 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9d991b77b296cdd8a38d20a60a67a319\ReachFramework.ni.dll
+ 2011-03-19 18:33 . 2011-03-19 18:33 1987584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9b015a6de82756f977e3d442ff34d071\PresentationUI.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 2269696 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\bf2ccbd989cfa11ffca95c44cb1e0801\Microsoft.VisualBasic.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 1831424 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\bbfc509c9148c7ff64dadf5fd0929089\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 1612800 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\46a7345eec6a29aac09b1a83b82807de\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 1490944 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\a4c81bd423441b8f3f4e6d100931cc6b\Microsoft.Transactions.Bridge.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 3288064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\c3c51361d905d2c2d601a937f36174be\Microsoft.JScript.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 1968640 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\280072df209fd3d99a8de11bc27fd48e\Microsoft.CSharp.ni.dll
+ 2009-09-11 12:05 . 2011-03-02 19:14 39946696 c:\windows\system32\MRT.exe
+ 2010-06-25 15:59 . 2010-06-25 15:59 19348992 c:\windows\assembly\temp\8GJYWZ1NBD\mscorlib.ni.dll
+ 2011-03-19 18:23 . 2011-03-19 18:23 11722240 c:\windows\assembly\NativeImages_v4.0.30319_64\System\51cda0a17dc11baf2aca18fc315180aa\System.ni.dll
+ 2011-03-19 18:34 . 2011-03-19 18:34 17046528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\b63c84f87c8a3b5d06ed5d24b2213db9\System.Windows.Forms.ni.dll
+ 2011-03-19 18:36 . 2011-03-19 18:36 24146944 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\7f2f2a7a85d864045ebcc4045f8d2cb5\System.ServiceModel.ni.dll
+ 2011-03-19 18:35 . 2011-03-19 18:35 18089472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\ff5d2246c17025c7a6d0741f525e22a2\System.Data.Entity.ni.dll
+ 2011-03-19 18:28 . 2011-03-19 18:28 10199552 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\8e8a50635d9009c19f12cc3dc5ae5778\System.Core.ni.dll
+ 2011-03-19 18:31 . 2011-03-19 18:31 22967808 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\00cba65aaefb75b447bdf9aafc43f7e0\PresentationFramework.ni.dll
+ 2011-03-19 18:29 . 2011-03-19 18:29 14810112 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\5601e7fc2f380c87465dc723cf5f87fe\PresentationCore.ni.dll
+ 2011-03-19 18:23 . 2011-03-19 18:23 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\579283232d5de98daaa319ab6dffa3cd\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
.
c:\users\tatka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-11 6952480]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-11 1833504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,48,50,00,67,74,04,49,99,70,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,48,50,00,67,74,04,49,99,70,7f,\
.
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0e,b2,f9,ca,9a,ca,35,7f,34,ea,7d,ab,0f,62,12,87,dd,f9,eb,c9,ec,ae,58,
90,21,ee,bf,9c,a3,a0,9c,6b,4b,2f,41,80,ae,90,a1,9d,92,12,09,e1,c1,42,f2,3c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3412280854-2301416076-1472569319-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-03-20 11:15:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-20 10:15
ComboFix2.txt 2011-03-19 18:03
.
Před spuštěním: Volných bajtů: 15 352 049 664
Po spuštění: Volných bajtů: 14 775 291 904
.
- - End Of File - - 63FD5446E2609E5AE620C509778F7497
Re: There is probably malware in the PC
- If you use Windows Vista or Windows 7, right-click Avenger and choose Run As Administrator
- After it starts, the program warns you that everything you do is at your own risk - click OK
- After confirming, the main window appears; paste the script below into it
Code:
Files to delete:
c:\windows\system32\arp.exe
c:\windows\system32\slwga.dll
c:\windows\system32\systemcpl.dll
- Tick the boxes next to Scan for rootkits and Automatically disable any rootkits found
- Now click Execute and confirm with Yes in the next window - this confirms running the script
- Answer the Reboot now question with OK as well - this restarts the PC
- After the restart, Notepad should open with a log; paste its contents here. If it does not open, you will find the requested file at C:\avenger.txt