po spusteni zmizi ikony

[ladisnb]

dobrý den
problém je v tom, že na počítači po spuštění zmizí ikony. Spustí se pouze Utorent a nejaký anticheat. Nejde spustit spráce úloh. V nouzovém režim problém není.

Log RSIT


Logfile of random's system information tool 1.09 (written by random/random)
Run by natálka at 2011-11-27 11:58:41
Microsoft Windows 7 Home Premium
System drive C: has 300 GB (65%) free of 459 GB
Total RAM: 3066 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:05, on 27.11.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Safe mode with network support

Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\natálka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\natálka\Downloads\RSIT (1).exe
C:\Program Files\trend micro\natálka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2612669
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMVU Inc - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Software\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Function] C:\Users\natálka\Documents\mdatasecurity.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [WPRemoteControl] "C:\Program Files\Jerome Laban\Remote Control for Windows Phone 7\RemoteControlServer.exe" /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Recording Server Manager.lnk = C:\Program Files\Milestone\Milestone Surveillance\RecordingServerManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\natálka\Desktop\Natálka\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Users\natálka\Desktop\Natálka\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\natálka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 11028 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\natálka\AppData\Roaming\Mozilla\Firefox\Profiles\gp7jgb0z.default

prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=SP_ss ... D=17981&q="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll

C:\Program Files\Mozilla Firefox\searchplugins\
dltubecodec.gif
dltubecodec.src
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
uninstall.ini
wikipedia-cz.xml

C:\Users\natálka\AppData\Roaming\Mozilla\Firefox\Profiles\gp7jgb0z.default\extensions\
ffxtlbr@babylon.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
IMVU Inc Toolbar - C:\Program Files\IMVU_Inc\prxtbIMVU.dll [2011-01-18 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-26 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-23 98576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{90b49673-5506-483e-b92b-ca0265bd9ca8} - IMVU Inc Toolbar - C:\Program Files\IMVU_Inc\prxtbIMVU.dll [2011-01-18 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 288312]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-07-30 354360]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-07-23 24848]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2010-11-11 159472]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-30 421888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"egui"=C:\Software\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]
"Function"=C:\Users\natálka\Documents\mdatasecurity.exe [2011-07-11 64000]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-06-26 639352]
"WPRemoteControl"=C:\Program Files\Jerome Laban\Remote Control for Windows Phone 7\RemoteControlServer.exe [2011-04-26 161792]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-06-29 432848]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-07-10 3077528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2009-06-18 563736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2009-04-03 525664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Recording Server Manager.lnk - C:\Program Files\Milestone\Milestone Surveillance\RecordingServerManager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-11-26 13:14:34 ----D---- C:\windows\temp
2011-11-26 13:14:33 ----A---- C:\ComboFix.txt
2011-11-26 13:14:03 ----SHD---- C:\$RECYCLE.BIN
2011-11-04 12:05:59 ----D---- C:\Config.Msi
2011-11-04 11:47:08 ----A---- C:\windows\zip.exe
2011-11-04 11:47:08 ----A---- C:\windows\SWSC.exe
2011-11-04 11:47:08 ----A---- C:\windows\SWREG.exe
2011-11-04 11:47:08 ----A---- C:\windows\sed.exe
2011-11-04 11:47:08 ----A---- C:\windows\PEV.exe
2011-11-04 11:47:08 ----A---- C:\windows\NIRCMD.exe
2011-11-04 11:47:08 ----A---- C:\windows\MBR.exe
2011-11-04 11:47:08 ----A---- C:\windows\grep.exe
2011-11-04 11:47:04 ----D---- C:\windows\ERDNT
2011-11-04 11:47:02 ----D---- C:\Qoobox
2011-11-04 11:46:47 ----R---- C:\ComboFix.exe
2011-11-04 11:35:05 ----D---- C:\Users\natálka\AppData\Roaming\Malwarebytes
2011-11-04 11:35:02 ----D---- C:\ProgramData\Malwarebytes
2011-11-04 11:34:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-04 11:34:59 ----A---- C:\windows\system32\drivers\mbam.sys
2011-11-04 11:34:40 ----A---- C:\mbam-setup-1.51.2.1300.exe

======List of files/folders modified in the last 1 month======

2011-11-27 11:58:43 ----D---- C:\Program Files\trend micro
2011-11-27 11:58:41 ----D---- C:\rsit
2011-11-27 11:46:38 ----A---- C:\windows\ntbtlog.txt
2011-11-27 11:45:36 ----D---- C:\Users\natálka\AppData\Roaming\uTorrent
2011-11-27 11:43:51 ----D---- C:\windows\system32\config
2011-11-27 11:43:46 ----D---- C:\ProgramData
2011-11-27 11:43:46 ----A---- C:\ProgramData\HPWALog.txt
2011-11-26 17:52:19 ----D---- C:\windows\tracing
2011-11-26 15:15:51 ----SHD---- C:\System Volume Information
2011-11-26 15:10:23 ----RSD---- C:\windows\assembly
2011-11-26 15:10:23 ----D---- C:\windows\Microsoft.NET
2011-11-26 15:06:35 ----D---- C:\windows\Prefetch
2011-11-26 15:02:07 ----D---- C:\windows\System32
2011-11-26 15:02:07 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-11-26 14:55:05 ----D---- C:\windows\system32\LogFiles
2011-11-26 14:21:13 ----D---- C:\ProgramData\PDFC
2011-11-26 14:17:51 ----D---- C:\windows\system32\drivers
2011-11-26 13:14:34 ----D---- C:\Windows
2011-11-26 13:13:21 ----A---- C:\windows\system.ini
2011-11-26 13:11:01 ----D---- C:\windows\AppPatch
2011-11-26 13:11:01 ----D---- C:\Program Files\Common Files
2011-11-26 12:38:48 ----D---- C:\windows\Performance
2011-11-26 11:45:23 ----D---- C:\Program Files\Ubisoft
2011-11-26 11:45:05 ----D---- C:\Program Files
2011-11-26 11:44:40 ----D---- C:\Program Files\Psi Ops
2011-11-26 11:44:17 ----D---- C:\Nostale(CZ)
2011-11-26 11:43:54 ----D---- C:\Program Files\Metin2
2011-11-26 11:42:31 ----D---- C:\Program Files\Common Files\BioWare
2011-11-26 11:42:28 ----D---- C:\ProgramData\BioWare
2011-11-26 11:42:13 ----D---- C:\ProgramData\Media Center Programs
2011-11-04 12:13:12 ----D---- C:\windows\system32\catroot
2011-11-04 12:13:11 ----SHD---- C:\windows\Installer
2011-11-04 12:13:06 ----D---- C:\ProgramData\Microsoft Help
2011-11-04 12:08:08 ----D---- C:\windows\system32\catroot2
2011-11-04 12:03:11 ----D---- C:\windows\system32\Tasks
2011-11-04 12:03:09 ----D---- C:\windows\Tasks
2011-11-04 11:58:30 ----D---- C:\windows\system32\drivers\etc
2011-11-04 11:40:01 ----D---- C:\windows\OEMCert

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 giveio;giveio; C:\windows\system32\drivers\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-07-29 109216]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-07-29 51408]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-07-29 12960]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-04-18 691696]
S1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
S1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-07-29 12528]
S1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
S2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-12-21 134000]
S2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AtiHdmiService;ATI Service for HD Audio Codec; C:\windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-08-04 4994048]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 catchme;catchme; \??\C:\Users\NATLKA~1\AppData\Local\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2011-06-26 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2011-06-26 25512]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-21 5958656]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-07-02 1765168]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 winusb;Ovladač WinUsb; C:\windows\system32\DRIVERS\winusb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HpFkCryptService;Drive Encryption Service; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 20992]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-19 35160]
S3 HP ProtectTools Service;HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S4 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S4 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
S4 EhttpSrv;ESET HTTP Server; C:\Software\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S4 ekrn;ESET Service; C:\Software\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 Milestone Image Import Service;Milestone Image Import Service; C:\Program Files\Milestone\Milestone Surveillance\ImageImportService.exe [2010-11-30 6340608]
S4 Milestone Image Server;Milestone Image Server; C:\Program Files\Milestone\Milestone Surveillance\ImageServer.exe [2010-11-30 7471104]
S4 Milestone Log Check Service;Milestone Log Check Service; C:\Program Files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2010-11-30 368640]
S4 Milestone Recording Server;Milestone Recording Server; C:\Program Files\Milestone\Milestone Surveillance\RecordingServer.exe [2010-11-30 7155712]
S4 Milestone Service Control;Milestone Service Control; C:\Program Files\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [2010-11-30 16384]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2011-01-27 435008]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S4 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[chodnik74]

Dobrý den

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[ladisnb]

ComboFix 11-11-26.04 - natálka 27.11.2011 15:12:08.4.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2506 [GMT 1:00]
Spuštěný z: c:\users\natálka\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-27 do 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 14:19 . 2011-11-27 14:19 -------- d-----w- c:\users\Vanesska\AppData\Local\temp
2011-11-27 14:19 . 2011-11-27 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 11:03 . 2011-11-27 14:19 -------- d-----w- c:\users\natálka\AppData\Local\temp
2011-11-04 10:35 . 2011-11-04 10:35 -------- d-----w- c:\users\natálka\AppData\Roaming\Malwarebytes
2011-11-04 10:35 . 2011-11-04 10:35 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 10:34 . 2011-11-04 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 10:34 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 10:34 . 2011-11-04 10:32 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:38 . 2011-05-20 15:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-01-17 23:54 175912 ----a-w- c:\program files\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{90B49673-5506-483E-B92B-CA0265BD9CA8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-26 639352]
"WPRemoteControl"="c:\program files\Jerome Laban\Remote Control for Windows Phone 7\RemoteControlServer.exe" [2011-04-26 161792]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-10 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\software\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Function"="c:\users\natálka\Documents\mdatasecurity.exe" [2011-07-11 64000]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
Recording Server Manager.lnk - c:\program files\Milestone\Milestone Surveillance\RecordingServerManager.exe [2010-11-30 193960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 16:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\natálka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-18 691696]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 RsvLock;RsvLock; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-26 13224]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]
R4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R4 ekrn;ESET Service;c:\software\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 Milestone Image Import Service;Milestone Image Import Service;c:\program files\Milestone\Milestone Surveillance\ImageImportService.exe [2010-11-30 6340608]
R4 Milestone Image Server;Milestone Image Server;c:\program files\Milestone\Milestone Surveillance\ImageServer.exe [2010-11-30 7471104]
R4 Milestone Log Check Service;Milestone Log Check Service;c:\program files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2010-11-30 368640]
R4 Milestone Recording Server;Milestone Recording Server;c:\program files\Milestone\Milestone Surveillance\RecordingServer.exe [2010-11-30 7155712]
R4 Milestone Service Control;Milestone Service Control;c:\program files\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [2010-11-30 16384]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R4 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
yksvcs REG_MULTI_SZ yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004Core.job
- c:\users\Vanesska\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 15:14]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004UA.job
- c:\users\Vanesska\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 15:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2612669
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\natálka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\natálka\AppData\Roaming\Mozilla\Firefox\Profiles\gp7jgb0z.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=8c3c6b39000000000000001e6476ec73&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-27 15:21:37
ComboFix-quarantined-files.txt 2011-11-27 14:21
ComboFix2.txt 2011-11-26 12:14
ComboFix3.txt 2011-11-04 11:03
.
Před spuštěním: Volných bajtů: 314 089 574 400
Po spuštění: Volných bajtů: 314 013 945 856
.
- - End Of File - - 69594E0AF5D21A1E00C0B2E5781F3BA8

[chodnik74]

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  Collect::
  c:\users\natálka\Documents\mdatasecurity.exe
  
  RegLock::
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  Firefox::
  FF - ProfilePath - c:\users\natálka\AppData\Roaming\Mozilla\Firefox\Profiles\gp7jgb0z.default\
  FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss ... D=17981&q=
  FF - prefs.js: network.proxy.type - 4
  
  DDS::
  uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2612669
  uDefault_Search_URL = hxxp://search.qip.ru
  mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
  uSearchAssistant = hxxp://search.qip.ru/ie
  uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
  Trusted Zone: //about.htm/
  Trusted Zone: //Exclude.htm/
  Trusted Zone: //LanguageSelection.htm/
  Trusted Zone: //Message.htm/
  Trusted Zone: //MyAgttryCmd.htm/
  Trusted Zone: //MyAgttryNag.htm/
  Trusted Zone: //MyNotification.htm/
  Trusted Zone: //NOCLessUpdate.htm/
  Trusted Zone: //quarantine.htm/
  Trusted Zone: //ScanNow.htm/
  Trusted Zone: //strings.vbs/
  Trusted Zone: //Template.htm/
  Trusted Zone: //Update.htm/
  Trusted Zone: //VirFound.htm/
  Trusted Zone: mcafee.com\*
  Trusted Zone: mcafeeasap.com\betavscan
  Trusted Zone: mcafeeasap.com\vs
  Trusted Zone: mcafeeasap.com\www
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004UA.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004Core.job
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "uTorrent"=-
  "Pando Media Booster"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "StartCCC"=-
  "GrooveMonitor"=-
  "Zune Launcher"=-
  "QuickTime Task"=-
  "DivXUpdate"=-
  "SunJavaUpdateSched"=-
  "Function"=-
  "Malwarebytes' Anti-Malware"=-
  [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "Google Update"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "SunJavaUpdateSched"=-
  
  Reboot::
  

• Soubor uložíme na disk C:\jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Může se stát,že po aplikaci scriptu nenaběhne Windows běžným způsobem.V tomto případě restartujte počítač a při startu mačkejte F8 a zvolte možnost Poslední známá funkční konfigurace

[ladisnb]

ComboFix 11-11-28.01 - natálka 28.11.2011 9:19.5.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2533 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004UA.job"
.
file zipped: c:\users\natálka\Documents\mdatasecurity.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\natálka\Documents\mdatasecurity.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201916092-915946208-975081743-1004UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-28 do 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 08:27 . 2011-11-28 08:28 -------- d-----w- c:\users\natálka\AppData\Local\temp
2011-11-28 08:27 . 2011-11-28 08:27 -------- d-----w- c:\users\Vanesska\AppData\Local\temp
2011-11-28 08:27 . 2011-11-28 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 10:35 . 2011-11-04 10:35 -------- d-----w- c:\users\natálka\AppData\Roaming\Malwarebytes
2011-11-04 10:35 . 2011-11-04 10:35 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 10:34 . 2011-11-04 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 10:34 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 10:34 . 2011-11-04 10:32 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:38 . 2011-05-20 15:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-01-17 23:54 175912 ----a-w- c:\program files\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{90B49673-5506-483E-B92B-CA0265BD9CA8}"= "c:\program files\IMVU_Inc\prxtbIMVU.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"WPRemoteControl"="c:\program files\Jerome Laban\Remote Control for Windows Phone 7\RemoteControlServer.exe" [2011-04-26 161792]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"egui"="c:\software\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
Recording Server Manager.lnk - c:\program files\Milestone\Milestone Surveillance\RecordingServerManager.exe [2010-11-30 193960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\NATLKA~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-26 13224]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]
R4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R4 ekrn;ESET Service;c:\software\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 Milestone Image Import Service;Milestone Image Import Service;c:\program files\Milestone\Milestone Surveillance\ImageImportService.exe [2010-11-30 6340608]
R4 Milestone Image Server;Milestone Image Server;c:\program files\Milestone\Milestone Surveillance\ImageServer.exe [2010-11-30 7471104]
R4 Milestone Log Check Service;Milestone Log Check Service;c:\program files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2010-11-30 368640]
R4 Milestone Recording Server;Milestone Recording Server;c:\program files\Milestone\Milestone Surveillance\RecordingServer.exe [2010-11-30 7155712]
R4 Milestone Service Control;Milestone Service Control;c:\program files\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [2010-11-30 16384]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R4 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-18 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 RsvLock;RsvLock; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
yksvcs REG_MULTI_SZ yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\natálka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\natálka\AppData\Roaming\Mozilla\Firefox\Profiles\gp7jgb0z.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1644)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-11-28 09:32:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-28 08:32
ComboFix2.txt 2011-11-27 14:41
ComboFix3.txt 2011-11-26 12:14
ComboFix4.txt 2011-11-04 11:03
.
Před spuštěním: Volných bajtů: 314 087 358 464
Po spuštění: Volných bajtů: 314 024 460 288
.
- - End Of File - - 3624AEE928CB9B3650EA16C541530E15

[chodnik74]

Malwarebytes' Anti-Malware

• Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
• Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
• Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
• Objeví se vám log,který mi sem vložte
• NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

Jak se chová nyní PC?

[ladisnb]

Pc už normálně naběhne... docela mu trvá než naběhnou všechny programy. Log vložím zítra ted sem mimo. Zatim moc děkuji

[chodnik74]

Fajn zítra

[ladisnb]

omlouvám se za opožděnou odpověď ta práce mě jednou zabije . zde je log


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1.12.2011 18:28:28
mbam-log-2011-12-01 (18-28-17).txt

Typ: Úplná kontrola (C:\|E:\|)
Kontrolované objekty: 444355
Uplynulý čas: 1 hodin, 2 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\Samsung\samsung pc studio 3\Update\Copyer.exe (Adware.Kraddare) -> No action taken.
c:\program files\Samsung\samsung pc studio 3\Update\liveupdate.exe (Adware.Kraddare) -> No action taken.

[chodnik74]

Nalezené položky jsou falešné upozornění Ignorujte.. MBAM můžete odinstalovat...

Ještě dočistíme od používaných programů:

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter


T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Údržba PC:

1)Čištění dočasných složek + neplatné registry
Ccleaner

• Stáhneme a nainstalujeme program
• Spustíme program
• ČISTIČ
  Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše a odškrkneme volbu Zbytky souborů v paměti
  Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
  >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
• Registry
  >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
  >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
  >opakujte dokud nebude registr bez problémů
• Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku
Defraggler

• Stáhneme a nainstalujeme program
• Spustíme program
• Vybereme disk ( C:,D:..prostě který používáme)
• Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
• Proveďte se všemi používanými disky
• Provádíme 1x za měsíc

3)Aktualizace programů
FileHippo.com Update Checker

• Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
• Spustíme program
• Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
• Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
  >X Updates Detected..to jsou dostupné aktualizace..
  > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
  > X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
• Provádíme 1x za 14 dní nebo jednou za měsíc

Jak se chová PC + nový RSIT

[ladisnb]

počítač už nabíhá jak má. Log vložím dnes večer děkuji

[chodnik74]

Fajn zítra na ten log mrknu dobrou noc

[ladisnb]

omlouvám se že píšu až ted ale musel pracovně odjet a přítelkyně si počítač vzala... funguje bez problému jenom zvuk jí nejde ale to už snad bude detail. Díky za pomoc posílám sms

[chodnik74]

Zkuste přeinstalovat ovladače zvukovky Nemáte za co Rád jsem vám pomohl..