
Problems with widgets, ActiveX, the language switcher, slow PC

#1 Post by R@ptor »

Hello. I'd like to ask for advice about a strange problem. Not long ago the language switcher disappeared from my system (it was not on the taskbar), even though it was enabled in the settings. I solved that by adding one key to the registry. But I have other problems too. Applications are starting to throw ActiveX errors:

Image

But I haven't touched any ActiveX control (I don't use IE) and I haven't blocked anything. By the way, the window title says "Internet Explorer", but it isn't in IE. Another problem appeared when displaying desktop Gadgets (Windows 7). The gadgets are only half displayed; only their controls show up. On the left you can see the Picture Frame widget, on the right Weather:

Image

On top of all that, it seems to me that the PC has slowed down. Today I ran a complete scan with Avast Free and SUPERAntiSpyware Free. I'm attaching logs from HijackThis, MWAV and ComboFix:

HijackThis:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:08, on 9.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Programs\DAEMON Tools Lite\DTLite.exe
C:\Users\Raptor\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Opera\opera.exe
D:\Programs\AIMP2\AIMP2.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Users\Raptor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Nová hodnota #1] “ctfmon”=”CTFMON.EXE”
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [googletalk] C:\Users\Raptor\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Raptor\AppData\Local\Temp\Ktg.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: Phone Remote Control.lnk = C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E08C1B57-864B-425B-A6C1-595F9FF7FD45}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10089 bytes
MWAV:

Code:

09 11 2010 22:56:01 - **********************************************************

09 11 2010 22:56:01 - eScan AntiVirus & Spyware Toolkit Utility.

09 11 2010 22:56:01 - Copyright © MicroWorld Technologies

09 11 2010 22:56:01 - **********************************************************

09 11 2010 22:56:01 - Source: C:\Users\Raptor\Desktop\mwav.exe

09 11 2010 22:56:01 - Version 12.0.73 (C:\USERS\RAPTOR\APPDATA\LOCAL\TEMP\MEXE.COM)

09 11 2010 22:56:01 - Log File: C:\Users\Raptor\AppData\Local\Temp\MWAV.LOG

09 11 2010 22:56:01 - MWAV Registered: TRUE

09 11 2010 22:56:01 - User Account: Raptor (Administrator Mode)

09 11 2010 22:56:01 - OS Type: Windows Workstation

09 11 2010 22:56:01 - OS: Windows 7 [OS Install Date: 23 Nov 2009 03:03:45]

09 11 2010 22:56:01 - Ver: Professional (Build 7600)

09 11 2010 22:56:01 - System Up Time: 3 Hours, 15 Minutes, 9 Seconds



09 11 2010 22:56:01 - Parent Process Name : C:\Users\Raptor\Desktop\mwav.exe

09 11 2010 22:56:01 - Windows Root  Folder: C:\Windows

09 11 2010 22:56:01 - Windows Sys32 Folder: C:\Windows\system32

09 11 2010 22:56:01 - DHCP NameServer: 212.111.0.10 194.213.32.237

09 11 2010 22:56:01 - Interface0 NameServer: 216.146.35.35,216.146.36.36

09 11 2010 22:56:01 - Interface0 DHCPNameServer: 212.111.0.10 194.213.32.237

09 11 2010 22:56:01 - Local Fixed Drives: c:\,d:\

09 11 2010 22:56:01 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

09 11 2010 22:56:01 - [CREATED ZIP FILE: C:\Users\Raptor\AppData\Local\Temp\pinfect.zip]

 

09 11 2010 22:56:01 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

09 11 2010 22:56:04 - C:\Windows\MBR.exe (89088), 08-Nov-2010 [Added C:\Windows\MBR.exe to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\NIRCMD.exe (31232), 09-Nov-2010, NirSoft, NirCmd

09 11 2010 22:56:04 - C:\Windows\SWREG.exe (161792), 09-Nov-2010, SteelWerX, SteelWerX Registry Editor

09 11 2010 22:56:04 - C:\Windows\SWSC.exe (136704), 09-Nov-2010, SteelWerX, SteelWerX Service Controller

09 11 2010 22:56:04 - C:\Windows\SWXCACLS.exe (212480), 09-Nov-2010, SteelWerX, SteelWerX Extended Configurator ACLists

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll (5120), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll (6144), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:04 - C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll to ZIP FILE]

09 11 2010 22:56:04 - C:\karma.htm (4160), 03-Nov-2010 [Added C:\karma.htm to ZIP FILE]

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\bdc.exe (91904), 09-Nov-2010, MicroWorld Tech, eScan

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\bdfltlib2k.dll (231944), 09-Nov-2010, MicroWorld Technologies Inc., eScan for Windows

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\clean.bat (11), 09-Nov-2010 [Added C:\Users\Raptor\AppData\Local\Temp\clean.bat to ZIP FILE]

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\encdec.dll (163848), 09-Nov-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\erootdrv.sys (13832), 09-Nov-2010, MicroWorld Technologies Inc., eScan/MWAV

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\mexe.com (2525768), 09-Nov-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\msvclnt.dll (240136), 09-Nov-2010, MicroWorld Technologies Inc., MailScan

09 11 2010 22:56:04 - C:\Users\Raptor\AppData\Local\Temp\mwavdwnl.exe (788488), 09-Nov-2010, MicroWorld Technologies Inc., eScan

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\MWAVSCAN.COM (2525768), 09-Nov-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\red32.dll (10248), 09-Nov-2010, Microsoft Corporation, Microsoft® Windows® Operating System

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\reload.exe (159240), 09-Nov-2010, MicroWorld Technologies Inc., eScan for Windows

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\setpriv.exe (65544), 09-Nov-2010, MicroWorld Technologies Inc., eScan AntiVirus Toolkit Utility

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\unregx.exe (76808), 09-Nov-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\ViewTCP.exe (1680904), 09-Nov-2010, MicroWorld Technologies Inc., ViewTCP

09 11 2010 22:56:05 - C:\ProgramData\..\karma.htm (4160), 03-Nov-2010 [Added C:\ProgramData\..\karma.htm to ZIP FILE]

 

09 11 2010 22:56:05 - C:\Windows\BitLockerDiscoveryVolumeContents, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\Windows\ERDNT, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Folder]

09 11 2010 22:56:05 - C:\Windows\Media, 14-Jul-2009 [SR] [Folder]

09 11 2010 22:56:05 - C:\Windows\system32\GroupPolicy, 14-Jul-2009 [H] [Folder]

09 11 2010 22:56:05 - C:\Windows\system32\Microsoft, 14-Jul-2009 [S] [Folder]

09 11 2010 22:56:05 - C:\Documents and Settings, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\Genius, 30-Oct-2010 [Folder]

09 11 2010 22:56:05 - C:\Qoobox, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\plugins, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Local\Temp\{3c8b80bd-a718-43f8-b064-24dcd53c3468}, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\Apple Computer, 04-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\ICQ, 01-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\InstallShield, 30-Oct-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\Microsoft, 23-Nov-2009 [S] [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\SPORE, 27-Oct-2010 [Folder]

09 11 2010 22:56:05 - C:\Users\Raptor\AppData\Roaming\SUPERAntiSpyware.com, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Apple, 04-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Apple Computer, 04-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Application Data, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Data aplikací, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Desktop, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Documents, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Dokumenty, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Microsoft, 14-Jul-2009 [S] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\MicroWorld, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Nabídka Start, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Oblíbené položky, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Plocha, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Start Menu, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\SUPERAntiSpyware.com, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Templates, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\Šablony, 23-Nov-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\..\Documents and Settings, 14-Jul-2009 [HS] [Folder]

09 11 2010 22:56:05 - C:\ProgramData\..\Genius, 30-Oct-2010 [Folder]

09 11 2010 22:56:05 - C:\ProgramData\..\Qoobox, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Program Files\Apple Software Update, 04-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Program Files\Bonjour, 04-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Program Files\InstallJammer Registry, 04-Jul-2010 [H] [Folder]

09 11 2010 22:56:05 - C:\Program Files\Pure Networks, 03-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Program Files\SUPERAntiSpyware, 09-Nov-2010 [Folder]

09 11 2010 22:56:05 - C:\Program Files\Common Files\Apple, 04-Nov-2010 [Folder]

 

09 11 2010 22:56:05 - *********************************************************************************************

 

09 11 2010 22:56:05 - Latest Date of files inside MWAV: Wed Oct 20 07:52:50 2010.

09 11 2010 22:56:05 - Plugins FileCount: 783 Sign Version: 7.34343

09 11 2010 22:56:07 - ** Create Value of "1001" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:1

09 11 2010 22:56:07 - ** Create Value of "1004" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:3

09 11 2010 22:56:07 - ** Deleted Value of "DisableCAD" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon". Its value was DWORD:1.

09 11 2010 22:56:07 - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "FirefoxHTML" to "htmlfile"

09 11 2010 22:56:07 - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "FirefoxHTML" to "htmlfile"

09 11 2010 22:56:07 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Raptor\AppData\Local\Temp\ESCANDB.LOG]

09 11 2010 22:56:09 - Loaded/Created FileScan Database...

09 11 2010 22:56:09 - Loading AV Library [DB]...

09 11 2010 22:56:35 - AV Library Loaded [DB-DIRECT].

09 11 2010 22:56:35 - MWAV doing self scanning...

09 11 2010 22:56:35 - MWAV files are clean.
09 11 2010 22:56:57 - Virus Database Date: 20 Oct 2010
09 11 2010 22:56:57 - Virus Database Count: 6359864
09 11 2010 22:57:05 - Downloading AntiVirus and Anti-Spyware Databases...
09 11 2010 22:58:42 - Update Successful...
09 11 2010 22:58:46 - Indexed Spyware Databases Successfully Created...
09 11 2010 22:58:47 - Old Sign Version: 7.34343	New Sign Version: 7.34612
09 11 2010 22:59:18 - Reload of AntiVirus Signatures successfully done.
09 11 2010 22:59:18 - Virus Database Date: 09 Nov 2010
09 11 2010 22:59:18 - Virus Database Count: 6213844
09 11 2010 23:01:01 - Downloading AntiVirus and Anti-Spyware Databases...
09 11 2010 23:01:11 - Nothing new to download.  Updates are the latest.
 
09 11 2010 23:01:52 - **********************************************************
09 11 2010 23:01:52 - eScan AntiVirus & Spyware Toolkit Utility.
09 11 2010 23:01:52 - Copyright © MicroWorld Technologies
09 11 2010 23:01:52 - 
09 11 2010 23:01:52 - Support: support@escanav.com
09 11 2010 23:01:52 - Web: http://www.escanav.com
09 11 2010 23:01:52 - **********************************************************
09 11 2010 23:01:52 - Version 12.0.73[DB] (C:\USERS\RAPTOR\APPDATA\LOCAL\TEMP\MEXE.COM)
09 11 2010 23:01:52 - Log File: C:\Users\Raptor\AppData\Local\Temp\MWAV.LOG
09 11 2010 23:01:52 - User Account: Raptor (Administrator Mode)
09 11 2010 23:01:52 - Parent Process Name : C:\Users\Raptor\Desktop\mwav.exe
09 11 2010 23:01:52 - Windows Root  Folder: C:\Windows
09 11 2010 23:01:52 - Windows Sys32 Folder: C:\Windows\system32
09 11 2010 23:01:52 - OS: Windows 7 [OS Install Date: 23 Nov 2009 03:03:45]
09 11 2010 23:01:52 - Ver: Professional (Build 7600)
09 11 2010 23:01:52 - Latest Date of files inside MWAV: Wed Oct 20 07:52:50 2010.
09 11 2010 23:01:52 - Plugins FileCount: 785 Sign Version: 7.34612
 
09 11 2010 23:02:00 - Options Selected by User:
09 11 2010 23:02:00 - Memory Check: Enabled
09 11 2010 23:02:00 - Registry Check: Enabled
09 11 2010 23:02:00 - StartUp Folder Check: Enabled
09 11 2010 23:02:00 - System Folder Check: Enabled
09 11 2010 23:02:00 - Services Check: Enabled
09 11 2010 23:02:00 - Scan Spyware: Enabled
09 11 2010 23:02:00 - Drive Check: Disabled
09 11 2010 23:02:00 - All Drive Check :Enabled
09 11 2010 23:02:00 - Folder Check: Disabled
09 11 2010 23:02:00 - SCAN: All_Files
09 11 2010 23:02:00 - MWAV Mode: Only Scan files (Do Not Clean)
 
 
09 11 2010 23:02:01 - ***** Scanning Memory Files *****
 
09 11 2010 23:04:55 - ***** Scanning Registry Files *****
09 11 2010 23:04:57 - ERROR(j)!!! Invalid Entry {42042206-2D85-11D3-8CFF-005004838597} = D:\Programs\Microsoft Office\Office14\msohevi.dll (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
09 11 2010 23:05:08 - ERROR(j)!!! Invalid Entry Nová hodnota #1 = “ctfmon”=”CTFMON.EXE” (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
 
09 11 2010 23:05:11 - ***** Scanning StartUp Folders *****
 
09 11 2010 23:06:42 - ***** Scanning Service Files *****
09 11 2010 23:06:47 - ERROR(g)!!! Invalid Entry \??\C:\Users\Raptor\AppData\Local\Temp\catchme.sys in HKLM\SYSTEM\CurrentControlSet\Services\catchme. Action Taken: No Action Taken.
09 11 2010 23:07:08 - C:\Windows\system32\Drivers\sptd.sys not Scanned. Possibly password protected...
09 11 2010 23:07:16 - ERROR(g)!!! Invalid Entry \??\C:\Users\Raptor\AppData\Local\Temp\mbr.sys in HKLM\SYSTEM\CurrentControlSet\Services\mbr. Action Taken: No Action Taken.
 
09 11 2010 23:07:16 - ***** Scanning Registry and File system for Adware/Spyware *****
09 11 2010 23:07:16 - Loading Spyware Signatures from new External Database [Name: C:\Users\Raptor\AppData\Local\Temp\spydb.avs, Size: 954548]...
09 11 2010 23:07:16 - Indexed Spyware Databases Successfully Created...
 
09 11 2010 23:07:16 - System found infected with Spyware.Borzoi Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{C915F573-4C11-4968-9080-29E611FDBE9F})! Action taken: No Action Taken.
09 11 2010 23:10:21 - System found infected with Spyware.Borzoi Spyware/Adware (HKEY_CLASSES_ROOT\typelib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B})! Action taken: No Action Taken.
09 11 2010 23:10:21 - System found infected with Spyware.Borzoi Spyware/Adware (HKEY_CLASSES_ROOT\interface\{40A9417F-F41E-40A2-BAA5-FE0ACB1CF8F8})! Action taken: No Action Taken.
09 11 2010 23:11:29 - Offending file found: C:\Users\Raptor\Desktop\PT\unins000.dat
09 11 2010 23:11:29 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.
 
09 11 2010 23:11:29 - Offending file found: C:\Users\Raptor\Desktop\PT\unins000.exe
09 11 2010 23:11:29 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.
 
09 11 2010 23:11:30 - Offending file found: C:\Users\Raptor\Documents\Rainmeter\Skins\Enigma\Resources\Instructions.ini
09 11 2010 23:11:30 - System found infected with My Security Engine Spyware/Adware (Instructions.ini)! Action taken: No Action Taken.
 
09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWA\unins000.dat
09 11 2010 23:11:32 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.
 
09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWA\unins000.exe
09 11 2010 23:11:32 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.
 
09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWMP\unins000.dat
09 11 2010 23:11:32 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.
 
09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWMP\unins000.exe
09 11 2010 23:11:32 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.
 
09 11 2010 23:11:36 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
09 11 2010 23:11:36 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.
 
09 11 2010 23:11:37 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
09 11 2010 23:11:37 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.
 
09 11 2010 23:11:39 - Offending Registry Entry found: HKCR\eSellerateControl.365.1
09 11 2010 23:11:39 - System found infected with Spyware.Borzoi Spyware/Adware (HKCR\eSellerateControl.365.1)! Action taken: No Action Taken.
 
09 11 2010 23:11:39 - Offending Registry Entry found: HKCR\eSellerateControl.365
09 11 2010 23:11:39 - System found infected with Spyware.Borzoi Spyware/Adware (HKCR\eSellerateControl.365)! Action taken: No Action Taken.
 
09 11 2010 23:11:39 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
09 11 2010 23:11:39 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.
 
09 11 2010 23:11:39 - Offending Registry Entry found: HKCU\Software\Classes\.exe
09 11 2010 23:11:39 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: No Action Taken.
 
09 11 2010 23:11:39 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
09 11 2010 23:11:39 - System found infected with Orifice2K.plugin Trojan (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run)! Action taken: No Action Taken.
 
 
09 11 2010 23:11:39 - ***** Scanning System32 Folders *****
09 11 2010 23:11:42 - Scanning File C:\Windows\NIRCMD.exe
09 11 2010 23:11:42 - File C:\Windows\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: No Action Taken.

 
 
 
10 11 2010 02:55:06 - ***** Scanning All Drives *****
10 11 2010 02:55:06 - Scanning C:\ Drive
10 11 2010 03:47:27 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log not Scanned. Possibly password protected...
10 11 2010 03:47:29 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb not Scanned. Possibly password protected...
10 11 2010 03:47:29 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb not Scanned. Possibly password protected...
10 11 2010 03:48:23 - C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin not Scanned. Possibly password protected...
10 11 2010 03:48:59 - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
10 11 2010 03:48:59 - C:\System Volume Information\Syscache.hve.LOG1 not Scanned. Possibly password protected...
10 11 2010 03:51:04 - C:\Users\Raptor\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:00:17 - C:\Users\Raptor\ntuser.dat.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:09:13 - Scanning File C:\Windows\NIRCMD.exe
10 11 2010 05:09:13 - File C:\Windows\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: No Action Taken.

10 11 2010 05:09:32 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
10 11 2010 05:09:32 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
10 11 2010 05:09:34 - C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\c786e2d9d7b47da086d6ad4c55a9552922a2a887.HomeGroupClassifier\b8d3fd5d3f3f5bca4abb8b14a157007d\grouping\db.mdb not Scanned. Possibly password protected...
10 11 2010 05:09:34 - C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\c786e2d9d7b47da086d6ad4c55a9552922a2a887.HomeGroupClassifier\b8d3fd5d3f3f5bca4abb8b14a157007d\grouping\edb.log not Scanned. Possibly password protected...
10 11 2010 05:09:35 - C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\c786e2d9d7b47da086d6ad4c55a9552922a2a887.HomeGroupClassifier\b8d3fd5d3f3f5bca4abb8b14a157007d\grouping\tmp.edb not Scanned. Possibly password protected...
10 11 2010 05:09:35 - C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:09:38 - C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:10:18 - C:\Windows\System32\catroot2\edb.log not Scanned. Possibly password protected...
10 11 2010 05:10:19 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
10 11 2010 05:10:19 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\DEFAULT not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\DEFAULT.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\RegBack\DEFAULT not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\RegBack\SAM not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\RegBack\SECURITY not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\RegBack\SOFTWARE not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\RegBack\SYSTEM not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SAM not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SAM.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SECURITY not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SECURITY.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SOFTWARE not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SOFTWARE.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SYSTEM not Scanned. Possibly password protected...
10 11 2010 05:10:27 - C:\Windows\System32\config\SYSTEM.LOG1 not Scanned. Possibly password protected...
10 11 2010 05:16:48 - C:\Windows\System32\drivers\sptd.sys not Scanned. Possibly password protected...
10 11 2010 05:24:48 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
10 11 2010 05:24:48 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
10 11 2010 05:24:48 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl not Scanned. Possibly password protected...
10 11 2010 05:24:49 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
10 11 2010 05:24:49 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl not Scanned. Possibly password protected...
10 11 2010 06:08:03 - ScanFile took 6.25 Secs [C:\xampp\htdocs\old\forumno2\bigdump\4.zip]...
 
10 11 2010 06:38:07 - Scanning D:\ Drive
 
10 11 2010 07:46:47 - ***** Checking for specific ITW Viruses *****
 
10 11 2010 07:46:47 - ***** Scanning complete. *****
 
10 11 2010 07:46:47 - Total Objects Scanned: 296201
10 11 2010 07:46:47 - Total Critical Objects: 20
10 11 2010 07:46:48 - Total Disinfected Objects: 0
10 11 2010 07:46:48 - Total Objects Renamed: 0
10 11 2010 07:46:48 - Total Deleted Objects: 0
10 11 2010 07:46:48 - Total Errors: 4
10 11 2010 07:46:48 - Time Elapsed: 05:05:33
10 11 2010 07:46:48 - Virus Database Date: 09 Nov 2010
10 11 2010 07:46:48 - Virus Database Count: 6213844
 
10 11 2010 07:46:48 - Scan Completed.
ComboFix (from drive C:)

Code:

ComboFix 10-11-09.01 - Raptor 09.11.2010  21:00:19.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.420.1029.18.1536.803 [GMT 1:00]
Spuštěný z: c:\users\Raptor\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((   Soubory vytvořené od 2010-10-09 do 2010-11-09  )))))))))))))))))))))))))))))))
.

2010-11-09 20:23 . 2010-11-09 20:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SUPERAntiSpyware.com
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-11-09 00:11 . 2010-11-09 00:12	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Roaming\Apple Computer
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple Computer
2010-11-04 09:45 . 2010-11-04 09:45	--------	d-----w-	c:\programdata\Apple Computer
2010-11-04 09:43 . 2010-11-04 09:43	--------	d-----w-	c:\program files\Bonjour
2010-11-04 09:42 . 2010-11-04 09:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\program files\Apple Software Update
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\programdata\Apple
2010-11-03 16:43 . 2010-11-03 16:43	--------	d-----w-	c:\program files\Pure Networks
2010-11-01 23:28 . 2010-11-01 23:31	--------	d-----w-	c:\users\Raptor\PT
2010-11-01 15:00 . 2010-11-09 00:03	--------	d-----w-	c:\users\Raptor\AppData\Roaming\ICQ
2010-11-01 15:00 . 2010-11-01 15:00	--------	d-----w-	c:\users\Raptor\AppData\Local\AOL
2010-10-30 12:15 . 2010-10-30 12:15	--------	d-----w-	C:\Genius
2010-10-30 12:14 . 2010-10-30 12:14	--------	d-----w-	c:\users\Raptor\AppData\Roaming\InstallShield
2010-10-27 14:38 . 2010-10-27 14:40	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SPORE
2010-10-20 09:17 . 2008-05-13 15:23	417792	----a-w-	c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
2010-10-20 09:17 . 2010-10-20 09:17	--------	d-----w-	c:\programdata\Last.fm
2010-10-20 09:15 . 2010-11-09 18:29	--------	d-----w-	c:\users\Raptor\AppData\Local\Last.fm
2010-10-20 09:14 . 2010-10-31 12:10	--------	d-----w-	c:\program files\Last.fm

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 10:55 . 2010-01-16 01:16	165232	---ha-w-	c:\users\Raptor\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-20 08:32 . 2010-09-25 19:06	22856	----a-w-	c:\windows\system32\dopdfmn7.dll
2010-09-20 08:32 . 2010-09-25 19:06	19784	----a-w-	c:\windows\system32\dopdfmi7.dll
2010-09-07 15:12 . 2010-09-27 20:44	38848	----a-w-	c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-11-26 21:40	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-11-26 21:41	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-11-26 21:41	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-11-26 21:41	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-11-26 21:40	50768	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-11-26 21:41	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-08-12 08:00 . 2010-08-31 14:19	108032	----a-w-	c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"googletalk"="c:\users\Raptor\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-14 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Nová hodnota #1"="“ctfmon”=”CTFMON.EXE”" [X]
"SoundMan"="SOUNDMAN.EXE" [2009-11-23 604704]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="d:\programs\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\Raptor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-28 110592]
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2010-4-15 91504]
Phone Remote Control.lnk - c:\program files\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Card Remote Control Device Monitor]
2005-07-20 10:00	352256	----a-r-	c:\windows\713xRMTMon.exe

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-27 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2005-09-05 279552]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-04-16 103800]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2005-09-05 25984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000Core.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000UA.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {E08C1B57-864B-425B-A6C1-595F9FF7FD45} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Raptor\AppData\Roaming\Mozilla\Firefox\Profiles\w86ks2de.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Raptor\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\programs\MICROS~1\Office14\NPAUTHZ.DLL
.
.
------- Asociace souborů -------
.
txtfile="d:\programs\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
MSConfigStartUp-Seznam Postak - c:\users\Raptor\AppData\Local\Seznam.cz\postak.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(5848)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-11-09  21:50:55
ComboFix-quarantined-files.txt  2010-11-09 20:50

Před spuštěním: 1 201 377 280
Po spuštění: 1 250 975 744

- - End Of File - - A54206B111CEB8C4CAB837C37E8D6109
I also have the ComboFix log from drive D, but it won't fit in the post, so I'll attach it on request. By the way, the CTFMON entry in the registry that ComboFix and, I think, MWAV too point out was created by me, precisely to get the language switcher displayed. Hopefully you'll see something there and it will solve my problems. I have a few guesses of my own, but I'm not sure, so I'll leave it to the professionals. :) Thanks in advance for any advice.

Rudy
Site Admin
Posts: 119426
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Problems with widgets, ActiveX, language switcher, slowness

#2 Post by Rudy »

I'd like to see the ComboFix log. Split it into several parts.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

R@ptor
Visitor
Posts: 5
Joined: 13 Apr 2006 23:03

Re: Problems with widgets, ActiveX, language switcher, slowness

#3 Post by R@ptor »

The ComboFix log from drive C (run from the desktop) is in the first post. So I'm also attaching the ComboFix log from drive D.

Code:

ComboFix 10-11-09.01 - Raptor 09.11.2010  21:57:58.2.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.420.1029.18.1536.881 [GMT 1:00]
Spuštěný z: D:\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((   Soubory vytvořené od 2010-10-09 do 2010-11-09  )))))))))))))))))))))))))))))))
.

2010-11-09 21:21 . 2010-11-09 21:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SUPERAntiSpyware.com
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-11-09 00:11 . 2010-11-09 00:12	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Roaming\Apple Computer
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple Computer
2010-11-04 09:45 . 2010-11-04 09:45	--------	d-----w-	c:\programdata\Apple Computer
2010-11-04 09:43 . 2010-11-04 09:43	--------	d-----w-	c:\program files\Bonjour
2010-11-04 09:42 . 2010-11-04 09:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\program files\Apple Software Update
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\programdata\Apple
2010-11-03 16:43 . 2010-11-03 16:43	--------	d-----w-	c:\program files\Pure Networks
2010-11-01 23:28 . 2010-11-01 23:31	--------	d-----w-	c:\users\Raptor\PT
2010-11-01 15:00 . 2010-11-09 00:03	--------	d-----w-	c:\users\Raptor\AppData\Roaming\ICQ
2010-11-01 15:00 . 2010-11-01 15:00	--------	d-----w-	c:\users\Raptor\AppData\Local\AOL
2010-10-30 12:15 . 2010-10-30 12:15	--------	d-----w-	C:\Genius
2010-10-30 12:14 . 2010-10-30 12:14	--------	d-----w-	c:\users\Raptor\AppData\Roaming\InstallShield
2010-10-27 14:38 . 2010-10-27 14:40	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SPORE
2010-10-20 09:17 . 2008-05-13 15:23	417792	----a-w-	c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
2010-10-20 09:17 . 2010-10-20 09:17	--------	d-----w-	c:\programdata\Last.fm
2010-10-20 09:15 . 2010-11-09 18:29	--------	d-----w-	c:\users\Raptor\AppData\Local\Last.fm
2010-10-20 09:14 . 2010-10-31 12:10	--------	d-----w-	c:\program files\Last.fm

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 10:55 . 2010-01-16 01:16	165232	---ha-w-	c:\users\Raptor\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-20 08:32 . 2010-09-25 19:06	22856	----a-w-	c:\windows\system32\dopdfmn7.dll
2010-09-20 08:32 . 2010-09-25 19:06	19784	----a-w-	c:\windows\system32\dopdfmi7.dll
2010-09-07 15:12 . 2010-09-27 20:44	38848	----a-w-	c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-11-26 21:40	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-11-26 21:41	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-11-26 21:41	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-11-26 21:41	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-11-26 21:40	50768	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-11-26 21:41	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-08-12 08:00 . 2010-08-31 14:19	108032	----a-w-	c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"googletalk"="c:\users\Raptor\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-14 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Nová hodnota #1"="“ctfmon”=”CTFMON.EXE”" [X]
"SoundMan"="SOUNDMAN.EXE" [2009-11-23 604704]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="d:\programs\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\Raptor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-28 110592]
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2010-4-15 91504]
Phone Remote Control.lnk - c:\program files\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Card Remote Control Device Monitor]
2005-07-20 10:00	352256	----a-r-	c:\windows\713xRMTMon.exe

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-27 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2005-09-05 279552]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-04-16 103800]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2005-09-05 25984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000Core.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000UA.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {E08C1B57-864B-425B-A6C1-595F9FF7FD45} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Raptor\AppData\Roaming\Mozilla\Firefox\Profiles\w86ks2de.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
.
.
------- Asociace souborů -------
.
txtfile="d:\programs\PSPad editor\PSPad.exe" "%1"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(4936)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-11-09  22:48:39
ComboFix-quarantined-files.txt  2010-11-09 21:48
ComboFix2.txt  2010-11-09 20:51

Před spuštěním: 1 311 715 328
Po spuštění: 1 247 797 248

- - End Of File - - 9F876EA9F86E9743820BD038AF0BA00C
So essentially there are no big differences. Are the other logs OK? What jumps out at me, for example, is this in the MWAV log:

Code: Select all

09 11 2010 23:11:29 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.

09 11 2010 23:11:29 - Offending file found: C:\Users\Raptor\Desktop\PT\unins000.exe
09 11 2010 23:11:29 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.

09 11 2010 23:11:30 - Offending file found: C:\Users\Raptor\Documents\Rainmeter\Skins\Enigma\Resources\Instructions.ini
09 11 2010 23:11:30 - System found infected with My Security Engine Spyware/Adware (Instructions.ini)! Action taken: No Action Taken.

09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWA\unins000.dat
09 11 2010 23:11:32 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.

09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWA\unins000.exe
09 11 2010 23:11:32 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.

09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWMP\unins000.dat
09 11 2010 23:11:32 - System found infected with SpyDefender 2010 Spyware/Adware (unins000.dat)! Action taken: No Action Taken.

09 11 2010 23:11:32 - Offending file found: C:\ProgramData\Last.fm\Client\UninstWMP\unins000.exe
09 11 2010 23:11:32 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: No Action Taken.

09 11 2010 23:11:36 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
09 11 2010 23:11:36 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.

09 11 2010 23:11:37 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
09 11 2010 23:11:37 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.

09 11 2010 23:11:39 - Offending Registry Entry found: HKCR\eSellerateControl.365.1
09 11 2010 23:11:39 - System found infected with Spyware.Borzoi Spyware/Adware (HKCR\eSellerateControl.365.1)! Action taken: No Action Taken.

09 11 2010 23:11:39 - Offending Registry Entry found: HKCR\eSellerateControl.365
09 11 2010 23:11:39 - System found infected with Spyware.Borzoi Spyware/Adware (HKCR\eSellerateControl.365)! Action taken: No Action Taken.

09 11 2010 23:11:39 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
09 11 2010 23:11:39 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.

09 11 2010 23:11:39 - Offending Registry Entry found: HKCU\Software\Classes\.exe
09 11 2010 23:11:39 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: No Action Taken.

09 11 2010 23:11:39 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
09 11 2010 23:11:39 - System found infected with Orifice2K.plugin Trojan (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run)! Action taken: No Action Taken.

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problems with widgets, ActiveX, the language switcher, slowness

#4 Post by Rudy »

We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy into it:
Driver::
Akamai
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

R@ptor
Visitor
Posts: 5
Registered: 13 Apr 2006 23:03

Re: Problems with widgets, ActiveX, the language switcher, slowness

#5 Post by R@ptor »

Sooo. I created the script, dropped it onto ComboFix and let it work. It restarted the system, but before that it showed a message to the effect that the key Boot\Device\HardDriveVolume1 is missing from the registry and asked whether it should add it. I clicked Yes, and after the restart ComboFix produced this log:

Code: Select all

ComboFix 10-11-09.01 - Raptor 11.11.2010  23:12:11.3.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.420.1029.18.1536.978 [GMT 1:00]
Spuštěný z: c:\users\Raptor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Raptor\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
 * Vytvořen nový Bod Obnovení
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Akamai


(((((((((((((((((((((((((   Soubory vytvořené od 2010-10-11 do 2010-11-11  )))))))))))))))))))))))))))))))
.

2010-11-11 22:42 . 2010-11-11 22:42	--------	d-----w-	C:\Device
2010-11-11 22:38 . 2010-11-11 22:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-11 00:00 . 2010-11-11 00:00	--------	d-----w-	c:\program files\Mobiola Screen Capture for S60
2010-11-10 15:57 . 2008-08-26 09:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2010-11-10 15:56 . 2010-11-10 15:56	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-11-10 15:52 . 2010-11-10 15:52	--------	d-----w-	c:\programdata\NokiaInstallerCache
2010-11-10 15:23 . 2010-11-10 15:23	--------	d-----w-	c:\program files\Common Files\Java
2010-11-10 15:22 . 2010-09-15 03:50	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-10 15:22 . 2010-09-15 03:50	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\VDLL.DLL
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\system32\runouce.exe
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\rundll16.exe
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\RUNDL132.EXE
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\logo1_.exe
2010-11-09 21:58 . 2010-11-09 21:58	--------	d---a-w-	c:\windows\logo_1.exe
2010-11-09 21:56 . 2010-11-09 21:56	632064	----a-w-	c:\windows\system32\msvcr80.dll
2010-11-09 21:56 . 2010-11-09 21:56	554240	----a-w-	c:\windows\system32\msvcp80.dll
2010-11-09 21:56 . 2010-11-09 21:56	34048	----a-w-	c:\windows\system32\eEmpty.exe
2010-11-09 21:56 . 2010-11-09 21:56	--------	d-----w-	c:\program files\Common Files\MicroWorld
2010-11-09 21:56 . 2010-11-09 21:56	--------	d-----w-	c:\programdata\MicroWorld
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SUPERAntiSpyware.com
2010-11-09 00:12 . 2010-11-09 00:12	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2010-11-09 00:11 . 2010-11-09 00:12	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Roaming\Apple Computer
2010-11-04 09:53 . 2010-11-04 09:53	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple Computer
2010-11-04 09:45 . 2010-11-04 09:45	--------	d-----w-	c:\programdata\Apple Computer
2010-11-04 09:43 . 2010-11-04 09:43	--------	d-----w-	c:\program files\Bonjour
2010-11-04 09:42 . 2010-11-04 09:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\users\Raptor\AppData\Local\Apple
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\program files\Apple Software Update
2010-11-04 09:37 . 2010-11-04 09:37	--------	d-----w-	c:\programdata\Apple
2010-11-03 16:43 . 2010-11-03 16:43	--------	d-----w-	c:\program files\Pure Networks
2010-11-01 23:28 . 2010-11-01 23:31	--------	d-----w-	c:\users\Raptor\PT
2010-11-01 15:00 . 2010-11-09 00:03	--------	d-----w-	c:\users\Raptor\AppData\Roaming\ICQ
2010-11-01 15:00 . 2010-11-01 15:00	--------	d-----w-	c:\users\Raptor\AppData\Local\AOL
2010-10-30 12:15 . 2010-10-30 12:15	--------	d-----w-	C:\Genius
2010-10-30 12:14 . 2010-10-30 12:14	--------	d-----w-	c:\users\Raptor\AppData\Roaming\InstallShield
2010-10-27 14:38 . 2010-10-27 14:40	--------	d-----w-	c:\users\Raptor\AppData\Roaming\SPORE
2010-10-20 09:17 . 2008-05-13 15:23	417792	----a-w-	c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
2010-10-20 09:17 . 2010-10-20 09:17	--------	d-----w-	c:\programdata\Last.fm
2010-10-20 09:15 . 2010-11-09 18:29	--------	d-----w-	c:\users\Raptor\AppData\Local\Last.fm
2010-10-20 09:14 . 2010-10-31 12:10	--------	d-----w-	c:\program files\Last.fm

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 22:10 . 2010-11-09 22:07	12715930	----a-w-	c:\windows\REGBK00.ZIP
2010-10-31 10:55 . 2010-01-16 01:16	165232	---ha-w-	c:\users\Raptor\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-20 08:32 . 2010-09-25 19:06	22856	----a-w-	c:\windows\system32\dopdfmn7.dll
2010-09-20 08:32 . 2010-09-25 19:06	19784	----a-w-	c:\windows\system32\dopdfmi7.dll
2010-09-07 15:12 . 2010-09-27 20:44	38848	----a-w-	c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-11-26 21:40	167592	----a-w-	c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-11-26 21:41	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-11-26 21:41	165584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-11-26 21:41	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-11-26 21:40	50768	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-11-26 21:41	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"googletalk"="c:\users\Raptor\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-14 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nová hodnota #1"="“ctfmon”=”CTFMON.EXE”" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2009-11-23 604704]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="d:\programs\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\Raptor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-28 110592]
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2010-4-15 91504]
Phone Remote Control.lnk - c:\program files\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Card Remote Control Device Monitor]
2005-07-20 10:00	352256	----a-r-	c:\windows\713xRMTMon.exe

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-27 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2005-09-05 279552]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-04-16 103800]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2005-09-05 25984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000Core.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1486165228-746174794-2085408233-1000UA.job
- c:\users\Raptor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 09:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {E08C1B57-864B-425B-A6C1-595F9FF7FD45} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Raptor\AppData\Roaming\Mozilla\Firefox\Profiles\w86ks2de.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Raptor\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\programs\MICROS~1\Office14\NPAUTHZ.DLL
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 

CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR 

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8516F1F8]<< 
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8516f008; MOV EAX, 0x889bafee; CALL EAX;  }
1 nt!IofCallDriver[0x83066EE0] -> \Device\Harddisk0\DR0[0x85F87030]
3 CLASSPNP[0x8926E59E] -> nt!IofCallDriver[0x83066EE0] -> [0x85E6E900]
5 ACPI[0x88AD33B2] -> nt!IofCallDriver[0x83066EE0] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85E60030]
\Driver\atapi[0x85E5E1D8] -> IRP_MJ_CREATE -> 0x8516F1F8
kernel: MBR read successfully
_asm { JMP 0x4a;  }
user != kernel MBR !!! 
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.exe'(1708)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\programs\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2010-11-12  00:00:15 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-11-11 23:00
ComboFix2.txt  2010-11-09 21:48
ComboFix3.txt  2010-11-09 20:51

Před spuštěním: 2 009 796 608
Po spuštění: 2 164 887 552

- - End Of File - - 9C209C19DD5447414D3908574A994AE1

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problems with widgets, ActiveX, the language switcher, slowness

#6 Post by Rudy »

Deleted. Also download MBR: http://www2.gmer.net/mbr/mbr.exe and save it to the desktop. Then Start > Run > (type) mbr.exe -f > OK. Let the utility work and then post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

R@ptor
Visitor
Posts: 5
Registered: 13 Apr 2006 23:03

Re: Problems with widgets, ActiveX, the language switcher, slowness

#7 Post by R@ptor »

MBR log:

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD800BB-00DKA0 rev.77.07W77 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Isn't it shorter than it should be? And what about the log from MWAV and the piece I sent? If all of that is OK, then the fault is probably somewhere other than I assumed. The ActiveX error persists and the widgets still don't work. :(


Re: Problems with widgets, ActiveX, the language switcher, slowness

#8 Post by Rudy »

Roughly like this. As far as viruses go, your PC is clean. The problem is most likely in the system itself. Try restoring it to a date when it worked correctly.


Re: Problems with widgets, ActiveX, the language switcher, slowness

#9 Post by R@ptor »

I tried that right away as the first option, but it didn't help, so I wrote here. :) Never mind, I solved it by uninstalling the Windows widget support service and installing Yahoo! Widgets :) Thank you for the help :)


Re: Problems with widgets, ActiveX, the language switcher, slowness

#10 Post by Rudy »

You're welcome!