Prosím o kontrolu logu...myš si dělá co chce.

[mandra]

Dobrý den,

prosím o kontrolu logu z NTB v práci, zbláznily se mi obě myši, i ta externí.

Děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by HelÄŤa at 2012-06-24 13:32:27
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 76 GB (74%) free of 102 GB
Total RAM: 1014 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:32:50, on 24.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Xerox Companion Suite\MFFSUM.exe
C:\Program Files\Xerox Companion Suite\MFPrintServer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Xerox Companion Suite\MFServices.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\taskhost.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Users\HelÄŤa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HelÄŤa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\HelÄŤa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HelÄŤa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\HelÄŤa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HelÄŤa\Downloads\RSIT.exe
C:\Program Files\trend micro\HelÄŤa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=1955&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A30FFF-F166-497B-B41F-1A868F672FF6}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe
O23 - Service: Session Launcher Service (FUSServices) - Unknown owner - C:\windows\system32\FUSServices.exe

--
End of file - 5832 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2117519805-2901314670-1855320360-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2117519805-2901314670-1855320360-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-28 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"=AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-27 9177632]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2011-04-18 2018032]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-20 174360]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"CapsHook"=AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [2011-07-29 737104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2011-01-07 414384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\HelÄŤa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\windows\system32\igfxtray.exe [2011-04-20 142104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFFSum_Pro_LL2]
C:\Program Files\Xerox Companion Suite\MFFSUM.exe [2010-02-11 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFPrintServer_Pro_LL2]
C:\Program Files\Xerox Companion Suite\MFPrintServer.exe [2010-02-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\windows\system32\igfxpers.exe [2011-04-20 150808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
C:\PROGRA~1\Asus\AsusVibe\ASUSVI~2.EXE [2012-01-12 549040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HelÄŤa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\SYSTEM32\igfxdev.dll [2011-04-11 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-24 13:28:00 ----D---- C:\rsit
2012-06-24 13:28:00 ----D---- C:\Program Files\trend micro
2012-06-23 13:08:38 ----D---- C:\windows\pss
2012-06-21 07:13:25 ----A---- C:\windows\system32\wups2.dll
2012-06-21 07:13:24 ----A---- C:\windows\system32\wucltux.dll
2012-06-21 07:13:24 ----A---- C:\windows\system32\wuauclt.exe
2012-06-21 07:13:23 ----A---- C:\windows\system32\wuaueng.dll
2012-06-21 07:13:08 ----A---- C:\windows\system32\wups.dll
2012-06-21 07:13:08 ----A---- C:\windows\system32\wudriver.dll
2012-06-21 07:13:07 ----A---- C:\windows\system32\wuapi.dll
2012-06-21 07:12:51 ----A---- C:\windows\system32\wuwebv.dll
2012-06-21 07:12:51 ----A---- C:\windows\system32\wuapp.exe
2012-06-15 11:35:52 ----A---- C:\windows\system32\mshtmled.dll
2012-06-15 11:35:51 ----A---- C:\windows\system32\iertutil.dll
2012-06-15 11:35:50 ----A---- C:\windows\system32\ieui.dll
2012-06-15 11:35:49 ----A---- C:\windows\system32\jsproxy.dll
2012-06-15 11:35:49 ----A---- C:\windows\system32\ieUnatt.exe
2012-06-15 11:35:48 ----A---- C:\windows\system32\wininet.dll
2012-06-15 11:35:47 ----A---- C:\windows\system32\jscript.dll
2012-06-15 11:35:46 ----A---- C:\windows\system32\jscript9.dll
2012-06-15 11:35:45 ----A---- C:\windows\system32\url.dll
2012-06-15 11:35:43 ----A---- C:\windows\system32\urlmon.dll
2012-06-15 11:35:38 ----A---- C:\windows\system32\mshtml.dll
2012-06-15 11:35:36 ----A---- C:\windows\system32\ieframe.dll
2012-06-14 05:42:22 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:41:15 ----A---- C:\windows\system32\msi.dll
2012-06-14 05:41:05 ----A---- C:\windows\system32\win32k.sys
2012-06-14 05:40:58 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-06-14 05:40:57 ----A---- C:\windows\system32\rdpwsx.dll
2012-06-14 05:40:56 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-06-14 05:40:49 ----A---- C:\windows\system32\profsvc.dll
2012-06-14 05:40:15 ----A---- C:\windows\system32\crypt32.dll
2012-06-14 05:40:13 ----A---- C:\windows\system32\cryptsvc.dll
2012-06-14 05:40:12 ----A---- C:\windows\system32\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-06-24 13:31:59 ----D---- C:\windows\Prefetch
2012-06-24 13:28:00 ----RD---- C:\Program Files
2012-06-24 13:26:57 ----D---- C:\windows\Temp
2012-06-24 13:05:20 ----D---- C:\windows\inf
2012-06-24 08:23:49 ----D---- C:\windows\system32\config
2012-06-23 23:10:42 ----SHD---- C:\System Volume Information
2012-06-23 13:08:38 ----D---- C:\Windows
2012-06-23 13:05:18 ----D---- C:\windows\debug
2012-06-23 12:59:13 ----D---- C:\Program Files\CCleaner
2012-06-21 16:37:07 ----D---- C:\windows\rescache
2012-06-21 09:57:31 ----D---- C:\windows\winsxs
2012-06-21 09:57:08 ----D---- C:\windows\system32\cs-CZ
2012-06-21 09:57:08 ----D---- C:\windows\System32
2012-06-21 07:13:39 ----D---- C:\windows\system32\catroot
2012-06-19 13:33:46 ----D---- C:\windows\system32\NDF
2012-06-17 11:48:07 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-15 13:17:12 ----RSD---- C:\windows\assembly
2012-06-15 13:17:12 ----D---- C:\windows\Microsoft.NET
2012-06-15 12:09:32 ----D---- C:\windows\system32\migration
2012-06-15 12:09:32 ----D---- C:\windows\system32\drivers
2012-06-15 12:09:32 ----D---- C:\Program Files\Internet Explorer
2012-06-15 11:53:04 ----SHD---- C:\windows\Installer
2012-06-15 11:53:03 ----SHD---- C:\Config.Msi
2012-06-15 11:43:11 ----A---- C:\windows\system32\MRT.exe
2012-06-15 11:36:19 ----D---- C:\windows\system32\catroot2
2012-06-10 09:07:07 ----D---- C:\windows\system32\wdi
2012-06-03 17:09:06 ----D---- C:\windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iaStor.sys [2010-06-08 435736]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 AsIO;AsIO; C:\windows\system32\drivers\AsIO.sys [2010-06-28 11456]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
R1 MpKslb7a2c885;MpKslb7a2c885; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B66F487-6D0C-4252-9A0A-EC12F1FF6DB9}\MpKslb7a2c885.sys [2012-06-24 29904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2011-04-11 4815872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-04-27 3084256]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;OvladaÄŤ pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;OvladaÄŤ portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;OvladaÄŤ rozhranĂ­ USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\windows\system32\drivers\btwrchid.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usbscan;OvladaÄŤ skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 XMLDIUSB;XML USB Device Interface; C:\windows\System32\Drivers\XMLDIUSB.sys [2010-01-30 33152]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\windows\system32\AsusService.exe [2010-12-07 224680]
R2 FUSServices;Session Launcher Service; C:\windows\system32\FUSServices.exe [2010-02-11 10752]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]

-----------------EOF-----------------

[Rudy]

Zdravím!

prosím o kontrolu logu z NTB v práci....

Chcete říci, že tento NB je firemní?

[mandra]

Dobrý den,

nene, není firemní, je můj. Mám jej ale u svých rodičů v jedné hospůdce, kam jim chodím pomáhat a brouzdají na něm všichni. Proto jsem si ani neuvědomila, když jsem si psala o radu, a napsala, "že jsem v práci", že jej můžete považovat za firemní.

[Rudy]

OK. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[mandra]

předně se omlouvám za zpoždění, byla jsem mimo.

Tady je log:


ComboFix 12-07-06.01 - Helča 06.07.2012 18:47:18.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.1014.476 [GMT 2:00]
Spuštěný z: c:\users\HelŔa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 16:58 . 2012-07-06 16:58 -------- d-----w- c:\users\Helča\AppData\Local\temp
2012-07-06 16:58 . 2012-07-06 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 16:18 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C67A9A3-7258-4931-BD5B-C316EA138E52}\mpengine.dll
2012-07-04 16:49 . 2012-02-10 13:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD63E81B-E157-4C07-BCFD-ACB96DD846D7}\gapaengine.dll
2012-07-04 16:48 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-24 11:28 . 2012-06-24 15:34 -------- d-----w- C:\rsit
2012-06-24 11:28 . 2012-06-24 11:34 -------- d-----w- c:\program files\trend micro
2012-06-24 11:10 . 2012-06-24 11:21 -------- d-----w- c:\users\Helča\AppData\Local\ElevatedDiagnostics
2012-06-21 05:13 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 05:13 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 05:13 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 05:13 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 05:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 05:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 05:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 05:12 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 05:12 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 03:42 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 03:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 03:41 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 03:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 03:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 03:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:46 . 2012-02-10 13:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CA445CB-168C-4E49-AF69-159399315F7B}\gapaengine.dll
2012-06-08 14:19 . 2012-06-08 14:19 -------- d-----w- c:\users\Helča\AppData\Local\{4650C471-DACD-4506-9531-D1E34DFEEF2A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-18 2018032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
backup=c:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Helča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-07-29 09:43 737104 ----a-w- c:\program files\Asus\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2011-01-06 22:16 414384 ----a-w- c:\program files\Asus\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-10 21:33 136176 ----atw- c:\users\Helča\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-04-19 22:39 142104 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFFSum_Pro_LL2]
2010-02-11 03:23 24576 ----a-w- c:\program files\Xerox Companion Suite\MFFSUM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFPrintServer_Pro_LL2]
2010-02-11 03:19 73728 ----a-w- c:\program files\Xerox Companion Suite\MFPrintServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-04-19 22:39 150808 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
R2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=1955&gct=hp
mStart Page =
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-06 19:02:49
ComboFix-quarantined-files.txt 2012-07-06 17:02
.
Před spuštěním: Volných bajtů: 79 357 652 992
Po spuštění: Volných bajtů: 79 142 608 896
.
- - End Of File - - 3176D2E293F0AE6A472FCEA2FAFC23A1

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[mandra]

Combofix pracoval dost dlouho, a během toho mi systém napsal, že soubor PEV.exe přestal pracovat a vynutí jeho ukončení. Poté mi vyskočil log, ale nešlo nic spustit. Nemohla jsem znovu spustit rezidentní ochranu ani chrome. Hláška, že klíč je neplatný, určený k smazaní. Restartovala jsem NTB, ale teď nevím, kde najdu ten log z Combofix.

[Rudy]

Měl by být v c:\comobfix.txt.

[mandra]

jj...je tam. Já jej hledala přes vyhledávání a to mi nic nenašlo


ComboFix 12-07-06.01 - Helča 06.07.2012 20:30:52.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.1014.455 [GMT 2:00]
Spuštěný z: c:\users\HelŔa\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\HelŔa\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-06 do 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:42 . 2012-07-06 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 18:24 . 2012-07-06 18:24 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85F73F6E-EF68-4998-90D8-FFA2577CC520}\offreg.dll
2012-07-06 17:06 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85F73F6E-EF68-4998-90D8-FFA2577CC520}\mpengine.dll
2012-07-06 17:02 . 2012-07-06 18:42 -------- d-----w- c:\users\Helča\AppData\Local\temp
2012-07-04 16:49 . 2012-02-10 13:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD63E81B-E157-4C07-BCFD-ACB96DD846D7}\gapaengine.dll
2012-07-04 16:48 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-24 11:28 . 2012-06-24 15:34 -------- d-----w- C:\rsit
2012-06-24 11:28 . 2012-06-24 11:34 -------- d-----w- c:\program files\trend micro
2012-06-24 11:10 . 2012-06-24 11:21 -------- d-----w- c:\users\Helča\AppData\Local\ElevatedDiagnostics
2012-06-21 05:13 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 05:13 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 05:13 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 05:13 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 05:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 05:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 05:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 05:12 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 05:12 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 03:42 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 03:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 03:41 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 03:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 03:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 03:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:46 . 2012-02-10 13:12 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CA445CB-168C-4E49-AF69-159399315F7B}\gapaengine.dll
2012-06-08 14:19 . 2012-06-08 14:19 -------- d-----w- c:\users\Helča\AppData\Local\{4650C471-DACD-4506-9531-D1E34DFEEF2A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-18 2018032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
backup=c:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Helča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-07-29 09:43 737104 ----a-w- c:\program files\Asus\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2011-01-06 22:16 414384 ----a-w- c:\program files\Asus\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-10 21:33 136176 ----atw- c:\users\Helča\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-04-19 22:39 142104 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFFSum_Pro_LL2]
2010-02-11 03:23 24576 ----a-w- c:\program files\Xerox Companion Suite\MFFSUM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFPrintServer_Pro_LL2]
2010-02-11 03:19 73728 ----a-w- c:\program files\Xerox Companion Suite\MFPrintServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-04-19 22:39 150808 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
R2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=1955&gct=hp
mStart Page =
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4528)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
Celkový čas: 2012-07-06 20:46:33
ComboFix-quarantined-files.txt 2012-07-06 18:46
ComboFix2.txt 2012-07-06 17:02
.
Před spuštěním: Volných bajtů: 79 182 376 960
Po spuštění: Volných bajtů: 79 139 553 280
.
- - End Of File - - 0050A444E89841A834D4B3A5CC7D10D6

[Rudy]

Myslím, že máte čisto. Nastala nějaká změna?

[mandra]

Ano...je po problému.

Mé díky k vám letí i s sms-kou. Děkuji

[Rudy]

Nemáte zač a my děkujeme za podporu!

[mandra]

ještě maličkost...combofixu se zbavím tím přejmenováním na uninstall.exe ?

Nechci jej tu nechávat, ať jej někdo nespustí...

[Rudy]

Startmenu>přík. řádek>(napsat) combofix /uninstall>Enter

[mandra]

Tak nevím, co dělám špatně, ale píše mi to toto:

Systém Windows nemůže najít položku combofix/uninstall. Ujistěte se, zda je název zadán správně, a akci opakujte.