
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
RSIT log - please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: RSIT log - please check
log.
ComboFix 11-09-13.01 - Pedro85 . 09. 2011 15:13:14.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4026.2667 [GMT 2:00]
Running from: c:\users\Pedro85\Desktop\ComboFix.exe
Command switches used :: c:\users\Pedro85\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\56918403.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Pedro85\AppData\Roaming\Microsoft\Helper\helper.exe
c:\windows\system32\drivers\56918403.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_56918403
-------\Legacy_84566901
-------\Service_56918403
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 13:17 . 2011-09-13 13:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-13 13:17 . 2011-09-13 13:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-09-13 13:17 . 2011-09-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 12:43 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81C9A771-6A7D-4F78-B4EC-FA90B9B0DD9B}\mpengine.dll
2011-09-12 16:18 . 2011-09-12 16:18 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-12 12:27 . 2011-09-12 12:27 -------- d-----w- c:\users\Pedro85\AppData\Roaming\Malwarebytes
2011-09-12 12:27 . 2011-09-12 12:27 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 12:27 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 11:32 . 2011-09-12 11:32 -------- d-----w- C:\_OTM
2011-09-12 10:37 . 2011-09-12 10:37 -------- d-----w- C:\rsit
2011-09-08 13:20 . 2011-09-08 15:03 -------- d-----w- c:\users\Pedro85\P5JavaClientSettings
2011-09-08 07:59 . 2011-07-27 20:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00C3C2E1-88C8-4EE7-B1D8-65F4913B5BEA}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 07:04 . 2011-05-28 10:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-07-29 07:14 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 17:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-10 17:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-08 20:03 . 2011-08-08 20:03 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-08 19:46 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-27 20:01 . 2011-08-12 08:21 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-07-21 08:36 . 2011-07-21 08:34 20676536 ----a-w- c:\windows\REGBK00.ZIP
2011-07-21 08:25 . 2011-07-21 08:25 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-07-21 08:25 . 2011-07-21 08:25 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-07-21 08:25 . 2011-07-21 08:25 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2011-07-20 07:44 . 2011-07-27 20:05 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5D2B25D-1CAF-4D94-AD59-1A7485F6F17B}\mpengine.dll
2011-06-30 11:14 . 2011-06-30 11:14 184320 ----a-r- c:\users\Pedro85\AppData\Roaming\Microsoft\Installer\{57368944-F52C-4992-95A3-C556AF854961}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-13_09.22.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 05:13 . 2011-09-13 13:21 63492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-13 13:21 43524 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-17 11:55 . 2011-09-13 13:21 19748 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2171934221-1264263934-1850883141-1000_UserData.bin
+ 2010-11-17 00:53 . 2011-09-13 12:15 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-11-17 00:53 . 2011-07-27 18:40 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-05-18 18:51 . 2011-09-13 12:15 2158 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-13 08:23 . 2011-09-13 08:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-13 13:18 . 2011-09-13 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-13 13:18 . 2011-09-13 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-13 08:23 . 2011-09-13 08:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-09-13 08:27 612194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-13 12:36 612194 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-13 08:27 105412 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-13 12:36 105412 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-09-12 22:10 775674 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-13 13:18 775674 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-10 09:43 . 2011-09-13 13:18 6365228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171934221-1264263934-1850883141-1000-8192.dat
- 2010-12-10 09:43 . 2011-09-11 21:52 6365228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171934221-1264263934-1850883141-1000-8192.dat
+ 2011-05-11 18:40 . 2011-09-13 12:09 11542818 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171934221-1264263934-1850883141-1000-12288.dat
- 2011-05-11 18:40 . 2011-09-12 11:34 11542818 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171934221-1264263934-1850883141-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
.
c:\users\Pedro85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_56918403.lnk - c:\users\Pedro85\AppData\Local\Temp\_uninst_56918403.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-9-10 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz135;cpuz135;c:\users\Pedro85\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-18 1436424]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 387608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 16336416]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-combofix - c:\combofix\CF30218.3XE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Completion time: 2011-09-13 15:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-13 13:25
ComboFix2.txt 2011-09-13 09:25
.
Pre-Run: 35 397 107 712 bytes free
Post-Run: 35 303 784 448 bytes free
.
- - End Of File - - C3AF04A95B7D3D2790C79DB7A3715D72
Upload was successful
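As an added example (not code from this thread and not part of ComboFix), the script below runs a few generic persistence heuristics over lines copied from the log posted above: autostart targets that live under AppData or Temp, a Startup-folder shortcut whose target is already gone ([N/A]), removed service or legacy device keys named only with digits, and UAC policy values in policies\system that differ from what the author of this example takes to be the Windows 7 defaults (PromptOnSecureDesktop = 0 in the log means UAC prompts were not shown on the secure desktop). The regexes are written against the line shapes visible in this log, not a ComboFix specification, and SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Heuristic triage of the autostart and driver entries in a ComboFix log.

Added example for this thread: it is neither ComboFix logic nor code from
the forum. The rules are generic persistence heuristics and the regexes
are written against the line shapes visible in the posted log, not a
ComboFix specification. SAMPLE_LOG is constructed from lines of that log.
"""
import re

# Constructed sample: representative lines copied from the posted log.
SAMPLE_LOG = r"""
-------\Legacy_56918403
-------\Service_56918403
-------\Service_gupdate
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
.
c:\users\Pedro85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_56918403.lnk - c:\users\Pedro85\AppData\Local\Temp\_uninst_56918403.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 cpuz135;cpuz135;c:\users\Pedro85\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
"""

# One regex per line shape; each yields named groups used by triage().
PATTERNS = (
    # "Name"="path" [date size]  (Run values)
    ("run", re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')),
    # shortcut.lnk - target [date size] or [N/A]  (Startup folder items)
    ("startup", re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')),
    # R3 name;display;path [date size] or [x]  (services and drivers)
    ("service", re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')),
    # -------\Service_name / -------\Legacy_name  (keys ComboFix removed)
    ("deleted", re.compile(r'^-------\\(?:Legacy|Service)_(?P<name>.+)$')),
    # "Value"= 5 (0x5)  (UAC policy values)
    ("policy", re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')),
)

# Autostart targets under a user-writable scratch folder deserve a look.
USER_WRITABLE_RE = re.compile(r'\\(?:appdata|temp)\\', re.IGNORECASE)

# Assumption: Windows 7 UAC defaults for the policies\system values shown.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}


def parse_entries(text):
    """Yield (kind, groups) for every line that matches a known shape."""
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                yield kind, m.groupdict()
                break


def triage(text):
    """Return (rule, name, detail) findings for the suspicious entries."""
    findings = []
    for kind, g in parse_entries(text):
        name, path = g.get("name", ""), g.get("path", "")
        if kind in ("run", "startup", "service"):
            if USER_WRITABLE_RE.search(path):
                findings.append(("user-writable-path", name, path))
            if g.get("meta") == "N/A":          # shortcut whose target is gone
                findings.append(("target-missing", name, path))
        if kind in ("service", "deleted") and re.fullmatch(r"\d{6,}", name):
            findings.append(("numeric-name", name, path))   # e.g. 56918403
        if kind == "policy":
            expected = UAC_DEFAULTS.get(name)
            if expected is not None and int(g["value"]) != expected:
                findings.append(("uac-nondefault", name,
                                 f"{g['value']} (default {expected})"))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:<20} {name:<24} {detail}")
```

Run against the full log text instead of SAMPLE_LOG to triage the whole "Reg Loading Points" section; the heuristics only surface entries worth a manual look, they do not decide what is malicious.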
Re: RSIT log - please check
How is the PC behaving now?

Re: RSIT log - please check
it looks good

Re: RSIT log - please check

- Rename ComboFix to Uninstall
- Run it
- This deletes ComboFix and its folders

- Download and run
- To confirm the choice, press A, Enter
- Delete the utility after use
- Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn off the antivirus while downloading)

Have a nice rest of the day,
regards vyosek
Re: RSIT log - please check

ok thanks, have a nice rest of the day too
all the best

Re: RSIT log - please check
My colleague will presumably continue, so check back here in the evening

- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: RSIT log - please check
Many thanks to colleague vyosek for the capable help, I certainly did not do the most important part.
If you have uninstalled ComboFix and used T-Cleaner, then we will just finish cleaning up here.
OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run.
- Click CleanUp and confirm YES.
- The program cleans up and restarts the PC.
TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run.
- Click Start and confirm OK.
- The program cleans up and restarts the PC.
- Delete the utility after use.
If you do not have it, download CCleaner from this link.
I recommend using CCleaner about once a week.
- Cleaner tab
- Leave everything as it is, just click Analyze and then Run CCleaner.
- Registry tab
- Click Scan for Issues.
- Then Fix selected issues - I recommend making the registry backup; fix all issues.
- Repeat until there are no issues - usually about 3 times.
- Tools tab
- Here you can uninstall unneeded programs.
And if there are no further questions, that would be all from my (our) side.

Re: RSIT log - please check

- only TFC did not restart the PC
ok, thanks for everything guys, good work, all the best

good luck
- Mc_Murphy
Re: RSIT log - please check
The TFC thing is not a problem.
You are very welcome and glad to help.
And because colleague vyosek was here (he would not forgive me if I did not do it), I must not forget that at the end our band will play for you.
Re: RSIT log - please check
You are welcome from me too
Have a nice rest of the evening, and we are here next time too