VIRY.CZ

ferenc77 píše:...PC sa zdá byť OK

V tom případě je to z mé strany vše.

Dám ešte pre istotu jeden log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2014-04-15 21:05:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (34%) free of 51 GB
Total RAM: 1023 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:46, on 15. 4. 2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5204719224
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 5314 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9pmm0c8i.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2013-06-21 15677728]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS.0\RTHDCPL.EXE [2013-07-30 18665472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, credssp.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.vorbis"=vorbis.acm

======List of files/folders created in the last 1 month======

2014-04-15 21:05:39 ----D---- C:\rsit
2014-04-14 21:32:48 ----SHD---- C:\RECYCLER
2014-04-14 20:25:57 ----A---- C:\WINDOWS.0\system32\drivers\MBAMSwissArmy.sys
2014-04-14 20:24:34 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-04-14 20:24:34 ----A---- C:\WINDOWS.0\system32\drivers\mbamchameleon.sys
2014-04-14 20:24:34 ----A---- C:\WINDOWS.0\system32\drivers\mbam.sys
2014-04-14 20:20:43 ----D---- C:\AdwCleaner
2014-04-13 20:56:18 ----A---- C:\WINDOWS.0\imsins.BAK
2014-04-13 20:56:05 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2922229$
2014-04-08 21:46:31 ----RASHD---- C:\cmdcons
2014-04-08 21:40:46 ----D---- C:\WINDOWS.0\CSC
2014-04-08 21:40:38 ----A---- C:\WINDOWS.0\ntbtlog.txt
2014-04-06 13:41:00 ----D---- C:\Documents and Settings\user\Application Data\TuneUp Software
2014-04-06 13:36:23 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TuneUp Software
2014-04-06 13:36:02 ----SHD---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-06 13:36:02 ----HD---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
2014-04-06 13:34:20 ----D---- C:\Documents and Settings\user\Application Data\Image-Line
2014-04-06 13:33:39 ----D---- C:\Documents and Settings\user\Application Data\FlowStone
2014-04-06 13:33:38 ----D---- C:\Program Files\DSPRobotics
2014-04-06 13:26:56 ----D---- C:\Program Files\Image-Line
2014-04-06 11:30:25 ----D---- C:\Documents and Settings\user\Application Data\Anvil Studio
2014-03-21 17:54:20 ----D---- C:\Documents and Settings\user\Application Data\Winamp
2014-03-20 22:47:26 ----N---- C:\WINDOWS.0\system32\spmsg.dll
2014-03-20 21:55:23 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-04-15 21:05:46 ----D---- C:\Program Files\trend micro
2014-04-15 20:23:59 ----D---- C:\WINDOWS.0\Prefetch
2014-04-15 20:15:19 ----D---- C:\WINDOWS.0\Temp
2014-04-15 17:34:39 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2014-04-14 22:54:25 ----D---- C:\WINDOWS.0\system32\CatRoot2
2014-04-14 21:38:23 ----D---- C:\WINDOWS.0\system32\drivers
2014-04-14 21:35:17 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2808679$
2014-04-14 21:35:13 ----D---- C:\WINDOWS.0\system32
2014-04-14 20:24:34 ----RD---- C:\Program Files
2014-04-14 20:24:34 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2014-04-14 20:17:35 ----D---- C:\WINDOWS.0
2014-04-14 20:16:42 ----SHD---- C:\System Volume Information
2014-04-14 20:16:42 ----D---- C:\WINDOWS.0\system32\Restore
2014-04-14 20:09:44 ----D---- C:\Program Files\Internet Explorer
2014-04-13 21:04:00 ----HD---- C:\WINDOWS.0\inf
2014-04-13 21:03:55 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2014-04-13 21:03:22 ----D---- C:\WINDOWS.0\ie8updates
2014-04-13 21:02:59 ----D---- C:\WINDOWS.0\system32\MRT
2014-04-13 20:59:39 ----D---- C:\WINDOWS.0\Debug
2014-04-13 20:59:28 ----A---- C:\WINDOWS.0\system32\mrt.exe
2014-04-13 20:59:16 ----SHD---- C:\WINDOWS.0\Installer
2014-04-13 20:59:15 ----SHD---- C:\Config.Msi
2014-04-13 20:59:15 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2014-04-11 15:45:06 ----A---- C:\WINDOWS.0\system32\FlashPlayerApp.exe
2014-04-08 21:46:35 ----RASH---- C:\boot.ini
2014-04-08 21:40:51 ----D---- C:\Documents and Settings
2014-04-08 20:25:53 ----A---- C:\Boot.bak
2014-04-07 22:43:40 ----SD---- C:\WINDOWS.0\Tasks
2014-04-07 20:46:26 ----D---- C:\Program Files\Common Files
2014-04-07 11:13:27 ----D---- C:\Documents and Settings\user\Application Data\vlc
2014-04-06 13:41:46 ----D---- C:\WINDOWS.0\system32\config
2014-04-06 12:59:45 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2014-03-21 18:07:39 ----D---- C:\Program Files\Winamp
2014-03-20 22:48:50 ----D---- C:\Program Files\Windows Media Player
2014-03-20 22:48:50 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-20 22:47:27 ----D---- C:\WINDOWS.0\system32\CatRoot
2014-03-20 22:46:31 ----D---- C:\WINDOWS.0\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS.0\system32\DRIVERS\amdide.sys [2010-06-30 11832]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS.0\system32\drivers\mv61xxmm.sys [2011-09-14 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS.0\system32\drivers\mv64xxmm.sys [2011-09-14 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS.0\system32\drivers\mvxxmm.sys [2011-09-14 13616]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eamon;eamon; C:\WINDOWS.0\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS.0\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS.0\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS.0\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 epfw;epfw; C:\WINDOWS.0\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.0\system32\DRIVERS\rspndr.sys [2011-09-14 62848]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS.0\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2013-07-30 5788672]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS.0\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2011-09-14 12160]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2013-06-21 10973504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS.0\system32\drivers\nvhda32.sys [2013-02-25 128672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS.0\system32\drivers\Ambfilt.sys [2013-07-30 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS.0\system32\drivers\MBAMSwissArmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS.0\system32\drivers\Monfilt.sys [2013-07-30 1389056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 exFat;exFat; C:\WINDOWS.0\system32\drivers\exFat.sys [2011-09-14 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS.0\system32\nvsvc32.exe [2013-06-21 156960]
R2 WSearch;Windows Search; C:\WINDOWS.0\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-20 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]

-----------------EOF-----------------

Odinstaluj Mbam a pak ještě jednou zkus spustit ComboFix.

Ani tak to nejde.

ferenc77 píše:Ani tak to nejde.

Nevadí


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Spusť skener Cure It podle TOHOTO návodu

po skončení skenu chci sem výsledky.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)

Dal som to sem Nezmestilo sa to sem.

Bezva, infikované jsi doufám smazal ?

No a jaký je stav PC ?

Sú zmazané. PC sa zdá byť OK. Treba ešte log z RSITu?

ferenc77 píše:Treba ešte log z RSITu?

Pokud již není žadný problém log nepotřebuji.

OK teda, tak ďakujem

Není zač a