VIRY.CZ

Zdravím,

poslím log z RSITu, jestli by jste se toho mohl někdo ujmout, poslední dobou začaly vyskakovat různé chyby, které viditelně nemají na chod systému vliv, možná je to trochu pomalejší, ale chtěl bych se ujistit jestli náhodou a případně co se mi tam dostalo.

díky moc

Logfile of random's system information tool 1.06 (written by random/random)
Run by Filip at 2013-02-09 09:26:18
Microsoft® Windows Vista™ Home Premium
System drive C: has 4 GB (4%) free of 114 GB
Total RAM: 1021 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:26, on 9.2.2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\Downloads\RSIT.exe
C:\Program Files\trend micro\Filip.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {6F08721A-1250-3D08-000F-0CAE3C2861E4} - C:\Windows\system32\icm332.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AppCallBurner] C:\Program Files\CallBurner\callburner.exe
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2283532105V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Users\Filip\AppData\Roaming\System.exe" ..
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: 5f805e177fa7c673482c92c255460b67.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11263 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2012-06-11 1524056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F08721A-1250-3D08-000F-0CAE3C2861E4}]
Java(tm) Plug-In 2 SSV Helper - C:\Windows\system32\icm332.dll [2006-11-02 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-01-09 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll [2013-01-07 1883976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-09 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll [2013-01-07 1883976]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2012-06-11 1524056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2011-08-28 1006264]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-01-07 1100616]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Google Update"=C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 133104]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2012-05-25 6595928]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"AppCallBurner"=C:\Program Files\CallBurner\callburner.exe [2011-01-31 5696512]
"HP Photosmart 5510 series (NET)"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-11-10 3093624]
"5f805e177fa7c673482c92c255460b67"=C:\Users\Filip\AppData\Roaming\System.exe [2013-01-20 107520]

C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
5f805e177fa7c673482c92c255460b67.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c933f6cb-fbda-11df-a544-001b241cbf49}]
shell\AutoRun\command - F:\autoplay.exe

======List of files/folders created in the last 1 months======

2013-02-09 09:10:28 ----D---- C:\Program Files\trend micro
2013-02-09 09:10:27 ----D---- C:\rsit
2013-02-06 20:20:56 ----D---- C:\Users\Filip\AppData\Roaming\Xilisoft
2013-02-06 20:15:27 ----D---- C:\ProgramData\Xilisoft
2013-02-06 20:15:26 ----D---- C:\Program Files\Xilisoft
2013-02-06 19:53:33 ----D---- C:\Users\Filip\AppData\Roaming\Mozilla
2013-01-20 21:57:54 ----A---- C:\Users\Filip\AppData\Roaming\System.exe.tmp
2013-01-20 21:57:08 ----A---- C:\Users\Filip\AppData\Roaming\System.exe
2013-01-10 20:46:17 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-01-10 20:46:17 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-01-10 20:46:15 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-01-10 20:46:13 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-01-10 20:46:13 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-01-10 20:46:12 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-01-10 20:46:12 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-01-10 20:46:11 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-01-10 20:46:10 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-01-10 20:46:10 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-01-10 20:46:10 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-01-10 20:46:10 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-01-10 20:46:08 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-01-10 20:46:07 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-01-10 20:46:05 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-01-10 20:46:04 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-01-10 20:46:03 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-01-10 20:45:59 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-01-10 20:45:59 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-01-10 20:45:57 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-01-10 20:45:57 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-01-10 20:45:56 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-01-10 20:45:56 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-01-10 20:45:55 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-01-10 20:44:37 ----HD---- C:\Windows\msdownld.tmp
2013-01-10 20:44:24 ----D---- C:\Windows\system32\directx
2013-01-10 20:44:21 ----D---- C:\Program Files\OpenAL
2013-01-10 20:44:21 ----A---- C:\Windows\system32\wrap_oal.dll
2013-01-10 20:44:21 ----A---- C:\Windows\system32\OpenAL32.dll
2013-01-10 20:41:13 ----D---- C:\Program Files\Snapshot

======List of files/folders modified in the last 1 months======

2013-02-09 09:26:19 ----D---- C:\Windows\Temp
2013-02-09 09:10:28 ----RD---- C:\Program Files
2013-02-09 08:26:28 ----D---- C:\Users\Filip\AppData\Roaming\Skype
2013-02-09 05:11:26 ----D---- C:\Users\Filip\AppData\Roaming\uTorrent
2013-02-07 20:32:38 ----D---- C:\Windows\Prefetch
2013-02-06 23:21:24 ----D---- C:\Windows\system32\catroot2
2013-02-06 20:23:16 ----D---- C:\Windows\System32
2013-02-06 20:23:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-06 20:23:15 ----D---- C:\Windows\inf
2013-02-06 20:17:12 ----SHD---- C:\Windows\Installer
2013-02-06 20:17:11 ----D---- C:\Windows\winsxs
2013-02-06 20:15:27 ----HD---- C:\ProgramData
2013-02-06 20:08:01 ----D---- C:\Windows\Tasks
2013-02-05 22:25:04 ----SHD---- C:\System Volume Information
2013-02-03 22:11:01 ----D---- C:\Users\Filip\AppData\Roaming\ICQ
2013-01-25 00:33:47 ----D---- C:\Users\Filip\AppData\Roaming\Winamp
2013-01-24 20:16:17 ----D---- C:\Users\Filip\AppData\Roaming\Media Player Classic
2013-01-23 20:59:42 ----D---- C:\Users\Filip\AppData\Roaming\DAEMON Tools Lite
2013-01-23 20:59:10 ----D---- C:\Windows\Panther
2013-01-23 20:59:10 ----D---- C:\Windows\ModemLogs
2013-01-23 20:59:10 ----D---- C:\Windows\Logs
2013-01-23 20:59:10 ----D---- C:\Windows
2013-01-23 20:57:10 ----D---- C:\Windows\system32\Tasks
2013-01-23 20:57:05 ----D---- C:\Program Files\CCleaner
2013-01-20 11:28:50 ----D---- C:\Program Files\Warcraft III
2013-01-17 01:28:58 ----N---- C:\Windows\system32\MpSigStub.exe
2013-01-13 18:34:47 ----D---- C:\tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-01-07 31576]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2011-08-28 82432]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2010-10-05 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2010-10-05 14120]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2006-11-02 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2011-12-18 92672]
S3 acouqk5u;acouqk5u; C:\Windows\system32\drivers\acouqk5u.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2006-11-02 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2011-12-18 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-07 945480]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-12-21 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 251400]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-06-13 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

Zdravím, tohle fixni v HJT :

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.1.10\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [5f805e177fa7c673482c92c255460b67] "C:\Users\Filip\AppData\Roaming\System.exe" ..

HJT najdeš zde :

C:\Program Files\trend micro\Filip.exe

Fix znamená že spustíš HJT Obrázek

jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Odebrat programy odinstaluj Pando Media Booster (Pando Networks)

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém

Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

jo díky moc, provedl jsem zatím všechno výše uvedené a tady je výpis

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.09.08

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Filip :: FILIP-PC [administrátor]

Ochrana: Povolena

10.2.2013 0:59:24
MBAM-log-2013-02-10 (01-09-42).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 205687
Uplynulý čas: 8 minut, 3 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 8
C:\Users\Filip\AppData\Roaming\System.exe (Trojan.Ransom) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5f805e177fa7c673482c92c255460b67.exe (Trojan.Ransom) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\AACW.exe (Trojan.Dropper) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\Downloads\installer_garena_plus.exe (PUP.BundleInstaller.PHP) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\Downloads\DC005 (1).jpg (Trojan.MSIL.Inject) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\Downloads\DC005.jpg (Trojan.MSIL.Inject) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\Downloads\Mtcdc-nmc_14_dc_h-dh_minus_detective.exe (Adware.DirectDownloader) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\AppData\Roaming\System.exe.tmp (Stolen.Data) -> Nebyla provedena žádná instrukce.

(konec)

Vše co Mbam našel nech smazat.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

zdravím, tak zasílám log z combofixu

ComboFix 13-02-07.02 - Filip 11.02.2013 22:18:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1033.18.1021.512 [GMT 1:00]
Spuštěný z: c:\users\Filip\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-11 do 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 21:28 . 2013-02-11 21:28 -------- d-----w- c:\users\Filip\AppData\Local\temp
2013-02-11 21:28 . 2013-02-11 21:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-11 21:28 . 2013-02-11 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\users\Filip\AppData\Roaming\Malwarebytes
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\programdata\Malwarebytes
2013-02-09 23:57 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-09 08:10 . 2013-02-09 23:43 -------- d-----w- c:\program files\trend micro
2013-02-09 08:10 . 2013-02-09 08:24 -------- d-----w- C:\rsit
2013-02-06 19:21 . 2013-02-06 19:21 -------- d-----w- c:\users\Filip\AppData\Local\Xilisoft
2013-02-06 19:20 . 2013-02-06 19:20 -------- d-----w- c:\users\Filip\AppData\Roaming\Xilisoft
2013-02-06 19:15 . 2013-02-06 19:15 -------- d-----w- c:\programdata\Xilisoft
2013-02-06 19:15 . 2013-02-06 19:15 -------- d-----w- c:\program files\Xilisoft
2013-02-05 21:26 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3D111D6-7985-493B-8F47-077586E3EA3D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 20:10 . 2012-09-04 14:32 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-09 21:01 . 2012-07-05 08:04 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 21:01 . 2012-07-05 08:04 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-12-16 22:49 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 19:44 . 2013-01-10 19:44 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-10 19:44 . 2013-01-10 19:44 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-11 20:10 1920688 ----a-w- c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-11 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-11 1124016]
.
c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 20:02 35736 ----a-w- c:\program files\adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppCallBurner]
2011-01-31 06:41 5696512 ----a-w- c:\program files\CallBurner\callburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 21:01]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000Core.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 22:14]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000UA.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 22:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 22:28
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-02-11 22:31:55
ComboFix-quarantined-files.txt 2013-02-11 21:31
ComboFix2.txt 2013-02-11 20:46
.
Před spuštěním: 5 195 661 312 bytes free
Po spuštění: 5 170 749 440 bytes free
.
- - End Of File - - 2D3910B67D87EF1B76A83602972F1431

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

Tak jestli sem to udělal správně, tak tohle mi vypadlo:

ComboFix 13-02-07.02 - Filip 12.02.2013 22:56:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1033.18.1021.543 [GMT 1:00]
Spuštěný z: c:\users\Filip\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Filip\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-12 do 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 22:07 . 2013-02-12 22:07 -------- d-----w- c:\users\Filip\AppData\Local\temp
2013-02-12 22:07 . 2013-02-12 22:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-12 22:07 . 2013-02-12 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\users\Filip\AppData\Roaming\Malwarebytes
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\programdata\Malwarebytes
2013-02-09 23:57 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-09 23:57 . 2013-02-09 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-09 08:10 . 2013-02-09 23:43 -------- d-----w- c:\program files\trend micro
2013-02-09 08:10 . 2013-02-09 08:24 -------- d-----w- C:\rsit
2013-02-06 19:21 . 2013-02-06 19:21 -------- d-----w- c:\users\Filip\AppData\Local\Xilisoft
2013-02-06 19:20 . 2013-02-06 19:20 -------- d-----w- c:\users\Filip\AppData\Roaming\Xilisoft
2013-02-06 19:15 . 2013-02-06 19:15 -------- d-----w- c:\programdata\Xilisoft
2013-02-06 19:15 . 2013-02-06 19:15 -------- d-----w- c:\program files\Xilisoft
2013-02-05 21:26 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3D111D6-7985-493B-8F47-077586E3EA3D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 20:10 . 2012-09-04 14:32 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-09 21:01 . 2012-07-05 08:04 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 21:01 . 2012-07-05 08:04 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-12-16 22:49 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 19:44 . 2013-01-10 19:44 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-10 19:44 . 2013-01-10 19:44 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-11 20:10 1920688 ----a-w- c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-11 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-11 1124016]
.
c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 20:02 35736 ----a-w- c:\program files\adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppCallBurner]
2011-01-31 06:41 5696512 ----a-w- c:\program files\CallBurner\callburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 21:01]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000Core.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 22:14]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156152648-719443402-3832461393-1000UA.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 22:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 23:07
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-02-12 23:09:38
ComboFix-quarantined-files.txt 2013-02-12 22:09
ComboFix2.txt 2013-02-11 21:31
ComboFix3.txt 2013-02-11 20:46
.
Před spuštěním: 6 807 265 280 bytes free
Po spuštění: 6 815 039 488 bytes free
.
- - End Of File - - F74D445A49878EF79DE25B1D45A7BA91

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Pak dej vědět jaký je stav PC.

Jo díky, tak jsem to odstranil přes T cleaner, ale combofix odinstlaovat nešel, napsalo to že to nenašlo uninstall. No vypadá to v pořádku, ještě ten Malwarebytes mi akorád průběžně hlásí, že zabránil odeslání nějakých dat ...

bam_kanye píše:Jo díky, tak jsem to odstranil přes T cleaner, ale combofix odinstlaovat nešel, napsalo to že to nenašlo uninstall.

Pokud si nejdříve spustil T-Cleaner tak už ComboFix byl pryč.

bam_kanye píše:No vypadá to v pořádku, ještě ten Malwarebytes mi akorád průběžně hlásí, že zabránil odeslání nějakých dat ...

Píše co za softík to odeslá ?

Myslím že to není jen jeden, protože jednou to psalo o torrentu a jednou to myslim bylo neco s chromem

Pokud je to tak nevidím v tom problém, torrent kontroluje aktualizace a prohlížeč to samé.

U torrentu stačí zakázat spouštění po startu, s prohlížečem toho ale moc neuděláš.

Jestliže tě ty hlášky trápí stopni spouštění Mbam.

VIRY.CZ

prosím o kontrolu logu Díky!

prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!

Re: prosím o kontrolu logu Díky!